Re: [clamav-users] Update problem today

2022-05-04 Thread Ivan via clamav-users

What about proxy?

best,

Ivan Cilento

Web Developer

+551139232986

On 26/04/2022 03:32, Dave Warren via clamav-users wrote:
> On 2022-04-25 11:14, Paul Smith via clamav-users wrote:
> > The problem 'magically' disappeared as soon as the 26522 update was
> > published, so, to me, it really looks as if there were bad files on
> > one of the mirrors. The later update would have replaced that with a
> > correct file, so it all works again.
>
> I spotted a similar problem on another (unrelated) mirror hosted by
> Cloudflare.
>
> I'll dig into it if I can reproduce it again, but a cache clear seems
> to have resolved it at the time.



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Update problem today

2022-04-25 Thread Dave Warren via clamav-users

On 2022-04-25 11:14, Paul Smith via clamav-users wrote:
> The problem 'magically' disappeared as soon as the 26522 update was
> published, so, to me, it really looks as if there were bad files on one
> of the mirrors. The later update would have replaced that with a correct
> file, so it all works again.

I spotted a similar problem on another (unrelated) mirror hosted by
Cloudflare.

I'll dig into it if I can reproduce it again, but a cache clear seems to
have resolved it at the time.





Re: [clamav-users] Update problem today

2022-04-25 Thread Paul Smith via clamav-users

On 23/04/2022 19:26, Mark Pizzolato - Clamav-Win32 wrote:

> Yesterday afternoon, the desktop computer's freshclam update attempts continued
> failing and along with these failures I was getting Windows Defender alerts
> about an issue being detected with the onaccess Windows Defender scanning.
> When I dug into those reports, they pointed at a temp file in the clamav
> database directory that freshclam was creating during the unpacking/update
> process.  The Windows Defender quarantine process interrupted the freshclam
> update...  This may be happening to you...  I added a Windows Defender
> exclusion for the clamav database directory and the updates subsequently
> succeeded.

Thanks for the idea, but it wasn't that. The ClamAV directory was not
being scanned by any other virus scanner, and surely, even if it was,
that wouldn't cause Freshclam to download an out-dated daily.cvd file


The problem 'magically' disappeared as soon as the 26522 update was
published, so, to me, it really looks as if there were bad files on one
of the mirrors. The later update would have replaced that with a correct
file, so it all works again.


Paul

--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe



Re: [clamav-users] Update problem today

2022-04-23 Thread Mark Pizzolato - Clamav-Win32 via clamav-users
On Saturday, April 23, 2022 at 8:00 AM, Paul Smith wrote:
> On 23/04/2022 18:34, Paul Smith via clamav-users wrote:
> >
> > It downloads (what looks like) the wrong version. Then when it sees
> > the mismatch, it downloads the patch, but then can't merge them. Maybe
> > it downloaded the right file, with the wrong version identifier, so
> > the patch fails?
> 
> FWIW, This is the result of sigtool --info daily.cvd after the failed
> freshclam run

I'm not sure when the latest update you're trying to pick up was issued, BUT
I've also got this stuff running under windows and the mail gateway server and
also for testing on my desktop computer.

Yesterday afternoon, the desktop computer's freshclam update attempts continued
failing and along with these failures I was getting Windows Defender alerts
about an issue being detected with the onaccess Windows Defender scanning.
When I dug into those reports, they pointed at a temp file in the clamav
database directory that freshclam was creating during the unpacking/update
process.  The Windows Defender quarantine process interrupted the freshclam
update...  This may be happening to you...  I added a Windows Defender
exclusion for the clamav database directory and the updates subsequently
succeeded.

- Mark



Re: [clamav-users] Update problem today

2022-04-23 Thread Paul Smith via clamav-users

On 23/04/2022 18:34, Paul Smith via clamav-users wrote:

> It downloads (what looks like) the wrong version. Then when it sees
> the mismatch, it downloads the patch, but then can't merge them. Maybe
> it downloaded the right file, with the wrong version identifier, so
> the patch fails?

FWIW, This is the result of sigtool --info daily.cvd after the failed
freshclam run


C:\temp]sigtool --info db\daily.cvd
File: db\daily.cvd
Build time: 22 Apr 2022 04:30 -0400
Version: 26520
Signatures: 1980741
Functionality level: 90
Builder: raynman
MD5: cb756214fb68e5b6bdec6fa4357015f2
Digital signature: 
uncyw2Ck5ZNYjZS7mIbhJcZ+1HXazERef7SKSbfHJCVCULBQstTBeRRD+qrNVDSJygv+zWyJvBCv8+Gf

BX6H4Jjazk2YOoXfyfS5G3AyCXdOfHgggUiWn49/6UMt0Mz9uQUSuQg4Ogrwer40Q6QIYJW9MUIeNPYo++lxg34RrRb
Verification OK.

If I run freshclam with that database in place, I get:

ClamAV update process started at Sat Apr 23 18:56:50 2022
daily database available for update (local version: 26520, remote version: 26521)
Current database is 1 version behind.
Downloading database patch # 26521...
Time:    0.1s, ETA:    0.0s [>] 18.32KiB/18.32KiB
ERROR: buildcld: Can't add daily.ldb to new daily.cld - please check if there is enough disk space available
ERROR: updatedb: Incremental update failed. Failed to build CLD.
ERROR: Unexpected error when attempting to update daily: Failed to update database
ERROR: Database update process failed: Failed to update database
ERROR: Update failed.

(there is plenty of free disk space)

I can't see what the patch file is like as that doesn't seem to get left 
after freshclam terminates, and I can't see an option to prevent it 
being deleted




--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
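
Added example (not part of the original posts, and not ClamAV project code): the consistency check freshclam reports in this thread, comparing the version in a downloaded CVD header with the daily version advertised in the DNS TXT record, plus a check of the header MD5 against the file body. The header and TXT field layouts, the function names, the sample TXT record and the sample body are assumptions constructed for illustration; only 26520, 26521, 0.103.5 and the sigtool field values come from the thread.

```python
"""Check a downloaded daily.cvd against the version advertised in DNS."""
import hashlib
from dataclasses import dataclass

CVD_HEADER_SIZE = 512  # fixed-size, space-padded ASCII header before the archive


@dataclass
class CvdHeader:
    build_time: str
    version: int
    signatures: int
    functionality_level: int
    md5: str
    builder: str


def parse_cvd_header(blob: bytes) -> CvdHeader:
    """Parse the colon-separated header that sigtool --info prints."""
    if len(blob) < CVD_HEADER_SIZE:
        raise ValueError("shorter than a CVD header (truncated download?)")
    fields = blob[:CVD_HEADER_SIZE].decode("ascii", "replace").rstrip().split(":")
    # Assumed layout: magic, build time, version, signature count,
    # functionality level, MD5, digital signature, builder[, build timestamp].
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    return CvdHeader(fields[1], int(fields[2]), int(fields[3]),
                     int(fields[4]), fields[5].lower(), fields[7])


def advertised_daily_version(txt_record: str) -> int:
    """Return the daily version from a current.cvd.clamav.net TXT record.

    Assumed layout: engine version, main, daily, record time, version
    warning flag, functionality level, safebrowsing, bytecode.
    """
    fields = txt_record.strip().strip('"').split(":")
    if len(fields) < 8:
        raise ValueError("unexpected TXT record layout")
    return int(fields[2])


def check_download(blob: bytes, txt_record: str) -> list:
    """Return finding codes for one downloaded CVD; an empty list means consistent."""
    header = parse_cvd_header(blob)
    findings = []
    if header.version < advertised_daily_version(txt_record):
        # The condition freshclam logged in this thread: the server handed
        # out an older file than the DNS record advertises.
        findings.append("older-than-advertised")
    # The header MD5 covers the bytes after the header. It catches truncated
    # or corrupted bodies; authenticity rests on the digital signature field,
    # which sigtool --info verifies.
    if hashlib.md5(blob[CVD_HEADER_SIZE:]).hexdigest() != header.md5:
        findings.append("body-md5-mismatch")
    return findings


def build_sample_cvd(version: int, body: bytes) -> bytes:
    """Constructed test file: header values echo the sigtool output above;
    signature, timestamp and body are placeholders, not real ClamAV data."""
    fields = ["ClamAV-VDB", "22 Apr 2022 04-30 -0400", str(version), "1980741",
              "90", hashlib.md5(body).hexdigest(), "PLACEHOLDER-SIGNATURE",
              "raynman", "1650616200"]
    return ":".join(fields).encode("ascii").ljust(CVD_HEADER_SIZE, b" ") + body


# Constructed TXT record: 0.103.5 and 26521 are from the freshclam -v log,
# the remaining fields are illustrative.
SAMPLE_TXT = "0.103.5:62:26521:1650729600:1:90:49192:333"
SAMPLE_BODY = b"constructed stand-in for the compressed signature archive"

if __name__ == "__main__":
    stale = build_sample_cvd(26520, SAMPLE_BODY)
    current = build_sample_cvd(26521, SAMPLE_BODY)
    print("stale copy:    ", check_download(stale, SAMPLE_TXT))
    print("truncated copy:", check_download(stale[:-8], SAMPLE_TXT))
    print("current copy:  ", check_download(current, SAMPLE_TXT))
```

Running the same check against repeated downloads would show whether only some responses carry the older header, which is the pattern reported above (2 good results out of about 20 attempts).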



Re: [clamav-users] Update problem today

2022-04-23 Thread Paul Smith via clamav-users



On 23 April 2022 19:11:06 "G.W. Haywood via clamav-users">



> > ...
> > ERROR: buildcld: Can't add daily.ldb to new daily.cld - please check if
> > there is enough disk space available
>
> Did you check?


Of course. I presume 290GB is enough

In any case why would it download the wrong version if there was a disk 
space problem?


If you look at its output, Freshclam is even reporting that the version it 
downloaded isn't what it was expecting to download.


It downloads (what looks like) the wrong version. Then when it sees the 
mismatch, it downloads the patch, but then can't merge them. Maybe it 
downloaded the right file, with the wrong version identifier, so the patch 
fails?


I don't doubt that it works for many people, otherwise someone else would 
probably have noticed, but it's not working here, and it's repeatable. It's 
been fine until this morning


I've just tried again, and again (emptying the DB before each test, but no
other changes). It worked twice, and then stopped working again. Out of
about 20 attempts, 2 worked, the others failed with this problem. So, I'd
guess that one of the mirrors has a broken file on it, and I'm just
unlucky to be allocated that mirror most of the time.




Paul




--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe


Re: [clamav-users] Update problem today

2022-04-23 Thread G.W. Haywood via clamav-users

Hi there,

On Sat, 23 Apr 2022, Paul Smith via clamav-users wrote:

> Hi, I'm using ClamAV 104.2 (for Windows) and am getting an update problem
> which looks like one of the mirrors isn't updated properly. It's been doing
> this all day.
> It's seeing that the latest version is 26521, but the file it's downloading
> is 26520 and then it's trying to download a patch and that is failing ...

The update to 26521 happened here at 13:29 UTC today, no problem.

> ...
> ERROR: buildcld: Can't add daily.ldb to new daily.cld - please check if there
> is enough disk space available

Did you check?

--

73,
Ged.



[clamav-users] Update problem today

2022-04-23 Thread Paul Smith via clamav-users
Hi, I'm using ClamAV 104.2 (for Windows) and am getting an update 
problem which looks like one of the mirrors isn't updated properly. It's 
been doing this all day.


It's seeing that the latest version is 26521, but the file it's 
downloading is 26520 and then it's trying to download a patch and that 
is failing


(The daily.cvd database downloaded from https://database.clamav.net is older than the version advertised in the DNS TXT record.
Received an older daily CVD than was advertised. We'll keep it and try updating to the latest version with CDIFFs.)


Here's the output of freshclam -v on a blank database

Current working dir is d:\clam\db\
Can't open freshclam.dat in d:\clam\db
It probably doesn't exist yet. That's ok.
Failed to load freshclam.dat; will create a new freshclam.dat
Creating new freshclam.dat
Saved freshclam.dat
ClamAV update process started at Sat Apr 23 17:08:04 2022
Current working dir is d:\clam\db\
Querying current.cvd.clamav.net
TTL: 747
fc_dns_query_update_info: Software version from DNS: 0.103.5
Current working dir is d:\clam\db\
check_for_new_database_version: No local copy of "daily" database.
query_remote_database_version: daily.cvd version from DNS: 26521
daily database available for download (remote version: 26521)
Retrieving https://database.clamav.net/daily.cvd
downloadFile: Download source: https://database.clamav.net/daily.cvd
downloadFile: Download destination: d:\clam\db\tmp.b7b76a09b1\clamav-a9c4531a90e867ba4f628badafcd9650.tmp
*   Trying 104.16.218.84:443...
* Connected to database.clamav.net (104.16.218.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
Certificate loaded from Windows certificate store: Microsoft Root Certificate Authority
Certificate loaded from Windows certificate store: Thawte Timestamping CA
Certificate loaded from Windows certificate store: Microsoft Root Authority
Certificate loaded from Windows certificate store: Symantec Enterprise Mobile Root for Microsoft
Certificate loaded from Windows certificate store: Microsoft Root Certificate Authority 2011
Certificate loaded from Windows certificate store: Microsoft Authenticode(tm) Root
Certificate loaded from Windows certificate store: Microsoft Root Certificate Authority 2010
Certificate loaded from Windows certificate store: Microsoft Timestamp Root
Certificate loaded from Windows certificate store: VeriSign Time Stamping CA
Certificate loaded from Windows certificate store: Sectigo (UTN Object)
Certificate loaded from Windows certificate store: DigiCert Global Root G2
Certificate loaded from Windows certificate store: GeoTrust Global CA
Certificate loaded from Windows certificate store: DigiCert Trusted Root G4
Certificate loaded from Windows certificate store: DST Root CA X3
Certificate loaded from Windows certificate store: GlobalSign Root CA - R3
Certificate loaded from Windows certificate store: DigiCert Baltimore Root
Certificate loaded from Windows certificate store: GeoTrust
Certificate loaded from Windows certificate store: Sectigo (AAA)
Certificate loaded from Windows certificate store: GlobalSign Root CA - R1
Certificate loaded from Windows certificate store: Sectigo (formerly Comodo CA)
Certificate loaded from Windows certificate store: Starfield Class 2 Certification Authority
Certificate loaded from Windows certificate store: DigiCert
Certificate loaded from Windows certificate store: thawte
Certificate loaded from Windows certificate store: Google Trust Services - GlobalSign Root CA-R2
Certificate loaded from Windows certificate store: VeriSign Class 3 Public Primary CA
Certificate loaded from Windows certificate store: DigiCert
Certificate loaded from Windows certificate store: VeriSign
Certificate loaded from Windows certificate store: VeriSign Universal Root Certification Authority
Certificate loaded from Windows certificate store: Sectigo
Certificate loaded from Windows certificate store: Go Daddy Class 2 Certification Authority
Certificate loaded from Windows certificate store: DigiCert
Certificate loaded from Windows certificate store: Sectigo (AddTrust)
Certificate loaded from Windows certificate store: pscs-PLUTO-CA
Certificate loaded from Windows certificate store: pscs-VMHOST1-CA
Certificate loaded from Windows certificate store: pscs-VMHOST1-CA
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Jul 15 00:00:00 2021 GMT
*  expire date: Jul 14 23:59:59 2022 GMT
*  subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xf8f928)
> GET /daily.cvd H

Re: [clamav-users] Update on rate limits and downloading

2021-05-10 Thread Micah Snyder (micasnyd) via clamav-users
Mark,

Thanks for tracking down the freshclam.conf issue and submitting the bug report.

With regards to the 5 second between attempts, I'm not sure either.  It would
seem reasonable if there was some sort of network glitch, but if it's a
persistent issue like the receive timeout for slower connections, then yeah 5
seconds doesn't make much sense.  I'm not really sure what to say.  We could
reduce the number of retry attempts as well, but in the end the config change
to "ReceiveTimeout=0" should resolve the issue and no one should have to retry.
I'm inclined to leave freshclam as-is.

Regarding the mirrors.dat ownership issue:  You're probably right.  It probably 
tries to update mirrors.dat later on after it has switched to run as "clamav" 
and then fails. :-(
Well, we'll get this fixed in the next patch release. Sorry about the trouble.

-Micah

> -----Original Message-----
> From: clamav-users  On Behalf Of
> clamav.mbou...@spamgourmet.com
> Sent: Friday, May 7, 2021 1:33 PM
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] Update on rate limits and downloading
>
> Hi Micah,
>
> Thanks for the info.  It looks like the timeout is an Ubuntu packaging issue.
> The post-install scripts for the Ubuntu 16.04 and 18.04 clamav-freshclam
> 0.103.2 packages create a freshclam.conf with "ReceiveTimeout=30", while the
> Ubuntu 20.04 package sets "ReceiveTimeout=0".  I hadn't thought there would be
> a difference between the packages for different versions of Ubuntu, since
> they're all ClamAV/FreshClam version 0.103.2.  I've raised a bug on launchpad
> <https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/192> to
> suggest at least updating the 18.04 package (and the 16.04 one if it's still
> getting updates now that 16.04 itself is end-of-life).
>
> I'm still not sure whether FreshClam should be holding off for a bit longer
> than 5 seconds between attempts, to avoid triggering the rate limiting?  The
> closest thing I can see in the configuration is "MaxAttempts 5".  Although
> from the log, it looks like it tries 5 times with 5 seconds between attempts,
> says "Giving up on https://database.clamav.net...", but then immediately
> starts trying again and triggers the rate limiting after a few more attempts.
>
> I haven't run freshclam manually at all, it's only ever been run by the
> clamav-freshclam systemd service installed by the package.  It doesn't look
> like the service configuration specifies a user, so it's presumably starting
> as root, but freshclam is then dropping privileges to the "clamav" user after
> starting (freshclam.conf includes "DatabaseOwner clamav").  It looks like it
> might be creating the file as root before dropping privileges, and then trying
> to update it later - probably hitting the same condition as you mention when
> running it via sudo and then in other ways.
> 
> Thanks,
> Mark.
> 
> 
> Micah Snyder micasnyd via clamav-users wrote:
> > Hi Mark,
> >
> > I'm not sure how you got a config with the default set to "ReceiveTimeout
> > 30".  I just tested with Ubuntu 20.04 a moment ago and a fresh `apt install
> > clamav` (0.103.2).  The config I found in /etc/clamav/freshclam.conf has
> > "ReceiveTimeout 0" which means it is disabled. ClamAV's built-in default (if
> > you don't specify) is also "0". So I'm not really sure what went wrong for you.
> >
> > So we do have a minor problem with the mirrors.dat in 0.103.2.  It will be
> > owned by root instead of by the "clamav" user if you run "sudo freshclam
> > --daemon". Then if you try running freshclam a different way, you may run into
> > permissions issues.  We'll have to fix this in the next patch version ☹.
> >
> > -Micah
> >
> >> -----Original Message-----
> >> From: clamav-users  On Behalf Of
> >> clamav.mbou...@spamgourmet.com
> >> Sent: Thursday, May 6, 2021 1:12 PM
> >> To: clamav-users@lists.clamav.net
> >> Subject: Re: [clamav-users] Update on rate limits and downloading
> >>
> >> Joel Esler jesler via clamav-users wrote:
> >>> Overall — we’re doing much better.
> >>>
> >>> We’ve reduced the amount of bandwidth we’re serving by 4x, so we’ve
> >>> made significant progress.
> >>>
> >>> /However, /we still have over 700 individual systems downloading the
> >>> full daily.cvd over 200x a day. (This should be once a day, /if
> >>> that/.)
> >>

Re: [clamav-users] Update on rate limits and downloading

2021-05-07 Thread clamav . mbourne

Hi Micah,

Thanks for the info.  It looks like the timeout is an Ubuntu packaging 
issue.  The post-install scripts for the Ubuntu 16.04 and 18.04 
clamav-freshclam 0.103.2 packages create a freshclam.conf with 
"ReceiveTimeout=30", while the Ubuntu 20.04 package sets 
"ReceiveTimeout=0".  I hadn't thought there would be a difference 
between the packages for different versions of Ubuntu, since they're all 
ClamAV/FreshClam version 0.103.2.  I've raised a bug on launchpad 
<https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/192> to 
suggest at least updating the 18.04 package (and the 16.04 one if it's 
still getting updates now that 16.04 itself is end-of-life).


I'm still not sure whether FreshClam should be holding off for a bit
longer than 5 seconds between attempts, to avoid triggering the rate
limiting?  The closest thing I can see in the configuration is
"MaxAttempts 5".  Although from the log, it looks like it tries 5 times
with 5 seconds between attempts, says "Giving up on
https://database.clamav.net...", but then immediately starts trying
again and triggers the rate limiting after a few more attempts.


I haven't run freshclam manually at all, it's only ever been run by the 
clamav-freshclam systemd service installed by the package.  It doesn't 
look like the service configuration specifies a user, so it's presumably 
starting as root, but freshclam is then dropping privileges to the 
"clamav" user after starting (freshclam.conf includes "DatabaseOwner 
clamav").  It looks like it might be creating the file as root before 
dropping privileges, and then trying to update it later - probably 
hitting the same condition as you mention when running it via sudo and 
then in other ways.


Thanks,
Mark.


Micah Snyder micasnyd via clamav-users wrote:
> Hi Mark,
>
> I'm not sure how you got a config with the default set to "ReceiveTimeout 30".  I just tested with
> Ubuntu 20.04 a moment ago and a fresh `apt install clamav` (0.103.2).  The config I found in
> /etc/clamav/freshclam.conf has "ReceiveTimeout 0" which means it is disabled. ClamAV's built-in
> default (if you don't specify) is also "0". So I'm not really sure what went wrong for you.
>
> So we do have a minor problem with the mirrors.dat in 0.103.2.  It will be owned by root instead of
> by the "clamav" user if you run "sudo freshclam --daemon". Then if you try
> running freshclam a different way, you may run into permissions issues.  We'll have to fix this in
> the next patch version ☹.
>
> -Micah
>
> > -----Original Message-----
> > From: clamav-users  On Behalf Of
> > clamav.mbou...@spamgourmet.com
> > Sent: Thursday, May 6, 2021 1:12 PM
> > To: clamav-users@lists.clamav.net
> > Subject: Re: [clamav-users] Update on rate limits and downloading
> >
> > Joel Esler jesler via clamav-users wrote:
> > > Overall — we’re doing much better.
> > >
> > > We’ve reduced the amount of bandwidth we’re serving by 4x, so we’ve
> > > made significant progress.
> > >
> > > /However, /we still have over 700 individual systems downloading the
> > > full daily.cvd over 200x a day. (This should be once a day, /if
> > > that/.)
> > >
> > > If you are not using 0.103.2 and it’s accompanying FreshClam to
> > > download these updates, and when you do create a NEW FreshClam.conf
> > > file and move your settings to that.  We’re going to have to start
> > > blocking these atrocious abusers, as the rate limits are hurting
> > > everyone else at this point.
> >
> > I'm new to installing ClamAV, so there may be something I haven't done
> > quite right here.  A couple of weeks ago, I installed ClamAV 0.103.2 from the
> > Ubuntu repositories (clamav, clamav-freshclam, clamav-daemon, clamav-
> > docs, clamtk and libclamunrar9 packages).
> >
> > By default, FreshClam seems to use too short a download timeout and retry
> > too frequently, triggering the rate limiting.  After installing, the FreshClam
> > service would repeatedly attempt to download the daily.cvd file, time out
> > after 30 seconds, and wait 5 seconds before trying again.
> > After a few attempts, it then gets blocked by the CDN (if that's what "you are
> > on cool-down" in the log means?) for 4 hours.  By the time I'd realised this
> > was happening following the initial install, I was already blocked.
> >
> > Perhaps this might, if left in a default configuration, be seen to attempt to
> > download daily.cvd over 100 times a day, but without ever actually getting
> > the whole file.  From what I'd seen here and in documentation / FAQs, I
> > thought FreshClam was supposed to avoid retrying so frequently that it
> > triggers the rate limiting?
> >
> > I don't know if the default configuration is provided by ClamAV or the
> > Ubuntu packaging (either way, it seems FreshClam shouldn't just keep
> > retrying so quickly?)  In my case, freshclam.conf originally had
> > "ReceiveTimeout 30".  Increasing it to 60 wasn't enough.  I then went to 600,
> > which was successful

Re: [clamav-users] Update on rate limits and downloading

2021-05-06 Thread Micah Snyder (micasnyd) via clamav-users
Hi Mark,

I'm not sure how you got a config with the default set to "ReceiveTimeout 30".
I just tested with Ubuntu 20.04 a moment ago and a fresh `apt install clamav`
(0.103.2).  The config I found in /etc/clamav/freshclam.conf has
"ReceiveTimeout 0" which means it is disabled. ClamAV's built-in default (if
you don't specify) is also "0". So I'm not really sure what went wrong for you.

So we do have a minor problem with the mirrors.dat in 0.103.2.  It will be 
owned by root instead of by the "clamav" user if you run "sudo freshclam 
--daemon". Then if you try running freshclam a different way, you may run into 
permissions issues.  We'll have to fix this in the next patch version ☹. 

-Micah
 
> -----Original Message-----
> From: clamav-users  On Behalf Of
> clamav.mbou...@spamgourmet.com
> Sent: Thursday, May 6, 2021 1:12 PM
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] Update on rate limits and downloading
> 
> Joel Esler jesler via clamav-users wrote:
> > Overall — we’re doing much better.
> >
> > We’ve reduced the amount of bandwidth we’re serving by 4x, so we’ve
> > made significant progress.
> >
> > /However, /we still have over 700 individual systems downloading the
> > full daily.cvd over 200x a day. (This should be once a day, /if
> > that/.)
> >
> > If you are not using 0.103.2 and it’s accompanying FreshClam to
> > download these updates, and when you do create a NEW FreshClam.conf
> > file and move your settings to that.  We’re going to have to start
> > blocking these atrocious abusers, as the rate limits are hurting
> > everyone else at this point.
> 
> I'm new to installing ClamAV, so there may be something I haven't done
> quite right here.  A couple of weeks ago, I installed ClamAV 0.103.2 from the
> Ubuntu repositories (clamav, clamav-freshclam, clamav-daemon, clamav-
> docs, clamtk and libclamunrar9 packages).
> 
> By default, FreshClam seems to use too short a download timeout and retry
> too frequently, triggering the rate limiting.  After installing, the FreshClam
> service would repeatedly attempt to download the daily.cvd file, time out
> after 30 seconds, and wait 5 seconds before trying again.
> After a few attempts, it then gets blocked by the CDN (if that's what "you are
> on cool-down" in the log means?) for 4 hours.  By the time I'd realised this
> was happening following the initial install, I was already blocked.
> 
> Perhaps this might, if left in a default configuration, be seen to attempt to
> download daily.cvd over 100 times a day, but without ever actually getting
> the whole file.  From what I'd seen here and in documentation / FAQs, I
> thought FreshClam was supposed to avoid retrying so frequently that it
> triggers the rate limiting?
> 
> I don't know if the default configuration is provided by ClamAV or the
> Ubuntu packaging (either way, it seems FreshClam shouldn't just keep
> retrying so quickly?)  In my case, freshclam.conf originally had
> "ReceiveTimeout 30".  Increasing it to 60 wasn't enough.  I then went to 600,
> which was successful.  Somewhere in between would probably have been
> fine, but incrementing more gradually would have been a long process,
> having to wait at least 4 hours between attempts (particularly as restarting
> FreshClam after setting a new timeout seems to get blocked for a further 4
> hours - not just the remainder of the original block).
> 
> In case it's of any use (and if this list allows it), I've attached my
> freshclam.log from those initial attempts.
> 
> All seems to be working OK now, but posting here in case the information is
> useful.
> 
> > Please help us, stay diligent, keep going keep upgrading.  Upgrade to
> > 0.103.2, and keep your mirrors.dat file around, this file contains a
> > snapshot of where you are in your update progression so that the next
> > time that FreshClam run, it can start where it left off.
> 
> Interesting you should mention mirrors.dat... Aside from the downloads
> timing out, there are also some errors in my freshclam.log about not being
> able to create mirrors.dat.  That's a bit odd, since the /var/lib/clamav/
> directory is owned and writeable by the correct user, but the mirrors.dat file
> within it is owned by root.  Deleting that file and restarting the freshclam
> service, the mirrors.dat file gets recreated, again owned by root.  That error
> hasn't appeared in the logs since, although mirrors.dat is still dated 25th
> April, so I'm not sure if there's still a problem with that.
> 
> --
> Mark.
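
Added example (not part of the original posts, and not ClamAV or Ubuntu packaging code): a small audit for the two conditions discussed in this thread, a short non-zero ReceiveTimeout in freshclam.conf and files in the database directory that are not owned by the DatabaseOwner user. The function names, the 600-second threshold (the value reported to work above) and the sample config are assumptions.

```python
"""Audit freshclam.conf and the database directory for the two issues above."""
import os
import pwd


def parse_freshclam_conf(text: str) -> dict:
    """Parse 'Option value' lines; '#' comments and blank lines are skipped."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        options[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return options


def lookup_uid(user: str) -> int:
    """Resolve a user name to a uid; raises KeyError for unknown users."""
    return pwd.getpwnam(user).pw_uid


def audit(conf_text: str, db_dir: str, min_timeout: int = 600,
          resolve_uid=lookup_uid) -> list:
    """Return finding codes; an empty list means neither issue was found.

    min_timeout is an assumed threshold: the thread reports 30 and 60
    seconds as too short on one connection and 600 as sufficient.
    """
    options = parse_freshclam_conf(conf_text)
    findings = []

    # 0 disables the receive timeout (the built-in default per the thread).
    timeout = int(options.get("ReceiveTimeout", "0"))
    if 0 < timeout < min_timeout:
        findings.append(f"receive-timeout:{timeout}")

    # freshclam drops privileges to DatabaseOwner (default "clamav"); files
    # created earlier as root, such as mirrors.dat, then cannot be updated.
    owner = options.get("DatabaseOwner", "clamav")
    try:
        owner_uid = resolve_uid(owner)
    except KeyError:
        return findings + [f"unknown-owner:{owner}"]

    for name in sorted(os.listdir(db_dir)):
        if os.lstat(os.path.join(db_dir, name)).st_uid != owner_uid:
            findings.append(f"owner-mismatch:{name}")
    return findings


SAMPLE_CONF = """\
# Constructed sample resembling the packaged config described in the thread
DatabaseOwner clamav
MaxAttempts 5
ReceiveTimeout 30
"""

if __name__ == "__main__":
    import sys
    import tempfile

    if len(sys.argv) == 3:
        # Audit a real host: freshclam.conf path, then database directory.
        with open(sys.argv[1]) as fh:
            results = audit(fh.read(), sys.argv[2])
    else:
        # Offline demo on constructed data: pretend "clamav" has a different
        # uid than the account that created mirrors.dat.
        with tempfile.TemporaryDirectory() as demo_dir:
            open(os.path.join(demo_dir, "mirrors.dat"), "w").close()
            results = audit(SAMPLE_CONF, demo_dir,
                            resolve_uid=lambda user: os.geteuid() + 1)
    print("\n".join(results) or "no findings")
```

On the Ubuntu layout mentioned in the thread the two arguments would be /etc/clamav/freshclam.conf and /var/lib/clamav.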



Re: [clamav-users] Update on rate limits and downloading

2021-05-06 Thread j via clamav-users
 
Alright, I'll try this. I've been using your Product for quite some time
without problems.
 

On Thursday, May 6, 2021, 02:09:12 PM CDT, Joel Esler (jesler) via clamav-users wrote:

> Overall — we’re doing much better.
>
> We’ve reduced the amount of bandwidth we’re serving by 4x, so we’ve made
> significant progress.
>
> However, we still have over 700 individual systems downloading the full
> daily.cvd over 200x a day. (This should be once a day, if that.)
>
> If you are not using 0.103.2 and it’s accompanying FreshClam to download these
> updates, and when you do create a NEW FreshClam.conf file and move your
> settings to that.  We’re going to have to start blocking these atrocious
> abusers, as the rate limits are hurting everyone else at this point.
>
> Please help us, stay diligent, keep going keep upgrading.  Upgrade to 0.103.2,
> and keep your mirrors.dat file around, this file contains a snapshot of where
> you are in your update progression so that the next time that FreshClam run, it
> can start where it left off.
>
> --
> Joel Esler
> Manager, Communities Division
> Cisco Talos Intelligence Group
> https://www.talosintelligence.com | https://www.snort.org | https://www.clamav.net


Re: [clamav-users] Update on rate limits and downloading

2021-05-06 Thread clamav . mbourne

Joel Esler jesler via clamav-users wrote:

> Overall — we’re doing much better.
>
> We’ve reduced the amount of bandwidth we’re serving by 4x, so we’ve made
> significant progress.
>
> /However, /we still have over 700 individual systems downloading the
> full daily.cvd over 200x a day. (This should be once a day, /if that/.)
>
> If you are not using 0.103.2 and it’s accompanying FreshClam to download
> these updates, and when you do create a NEW FreshClam.conf file and move
> your settings to that.  We’re going to have to start blocking these
> atrocious abusers, as the rate limits are hurting everyone else at this
> point.


I'm new to installing ClamAV, so there may be something I haven't done 
quite right here.  A couple of weeks ago, I installed ClamAV 0.103.2 
from the Ubuntu repositories (clamav, clamav-freshclam, clamav-daemon, 
clamav-docs, clamtk and libclamunrar9 packages).


By default, FreshClam seems to use too short a download timeout and 
retry too frequently, triggering the rate limiting.  After installing, 
the FreshClam service would repeatedly attempt to download the daily.cvd 
file, time out after 30 seconds, and wait 5 seconds before trying again. 
After a few attempts, it then gets blocked by the CDN (if that's what 
"you are on cool-down" in the log means?) for 4 hours.  By the time I'd 
realised this was happening following the initial install, I was already 
blocked.


Perhaps this might, if left in a default configuration, be seen to 
attempt to download daily.cvd over 100 times a day, but without ever 
actually getting the whole file.  From what I'd seen here and in 
documentation / FAQs, I thought FreshClam was supposed to avoid retrying 
so frequently that it triggers the rate limiting?


I don't know if the default configuration is provided by ClamAV or the 
Ubuntu packaging (either way, it seems FreshClam shouldn't just keep 
retrying so quickly?)  In my case, freshclam.conf originally had 
"ReceiveTimeout 30".  Increasing it to 60 wasn't enough.  I then went to 
600, which was successful.  Somewhere in between would probably have 
been fine, but incrementing more gradually would have been a long 
process, having to wait at least 4 hours between attempts (particularly 
as restarting FreshClam after setting a new timeout seems to get blocked 
for a further 4 hours - not just the remainder of the original block).


In case it's of any use (and if this list allows it), I've attached my 
freshclam.log from those initial attempts.


All seems to be working OK now, but posting here in case the information 
is useful.


> Please help us, stay diligent, keep going keep upgrading.  Upgrade to
> 0.103.2, and keep your mirrors.dat file around, this file contains a
> snapshot of where you are in your update progression so that the next
> time that FreshClam runs, it can start where it left off.


Interesting you should mention mirrors.dat... Aside from the downloads 
timing out, there are also some errors in my freshclam.log about not 
being able to create mirrors.dat.  That's a bit odd, since the 
/var/lib/clamav/ directory is owned and writeable by the correct user, 
but the mirrors.dat file within it is owned by root.  Deleting that file 
and restarting the freshclam service, the mirrors.dat file gets 
recreated, again owned by root.  That error hasn't appeared in the logs 
since, although mirrors.dat is still dated 25th April, so I'm not sure 
if there's still a problem with that.


--
Mark.
Sun Apr 25 18:52:39 2021 -> --
Sun Apr 25 18:52:39 2021 -> freshclam daemon 0.103.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sun Apr 25 18:52:39 2021 -> ClamAV update process started at Sun Apr 25 18:52:39 2021
Sun Apr 25 18:52:39 2021 -> daily database available for download (remote version: 26151)
Sun Apr 25 18:53:09 2021 -> WARNING: Download failed (28) Sun Apr 25 18:53:09 2021 -> WARNING:  Message: Timeout was reached
Sun Apr 25 18:53:09 2021 -> WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sun Apr 25 18:53:09 2021 -> Trying again in 5 secs...
Sun Apr 25 18:53:14 2021 -> daily database available for download (remote version: 26151)
Sun Apr 25 18:53:44 2021 -> WARNING: Download failed (28) Sun Apr 25 18:53:44 2021 -> WARNING:  Message: Timeout was reached
Sun Apr 25 18:53:44 2021 -> WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sun Apr 25 18:53:44 2021 -> Trying again in 5 secs...
Sun Apr 25 18:53:49 2021 -> daily database available for download (remote version: 26151)
Sun Apr 25 18:54:19 2021 -> WARNING: Download failed (28) Sun Apr 25 18:54:19 2021 -> WARNING:  Message: Timeout was reached
Sun Apr 25 18:54:19 2021 -> WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sun Apr 25 18:54:19 2021 -> Trying again in 5 secs...
Sun Apr 25 18:54:24 2021 -> daily database available for download (remote version: 26151)
Sun Apr 25 18:54:54 2021 -> WARNING: Download failed (28) Sun Apr 25 18:54:54 2
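
The retry pattern described in this post can be read straight out of freshclam.log. The following is an added example, not part of the original post or of ClamAV: it reuses the first lines of the posted log, adds one constructed cool-down line, and the one-hour window and budget of two failures are assumptions, not ClamAV's actual limits.

```python
import re
from datetime import datetime, timedelta

# First lines of the freshclam.log posted above. The last line is constructed
# around the "you are on cool-down" phrase the post quotes; real wording may differ.
SAMPLE_LOG = """\
Sun Apr 25 18:52:39 2021 -> ClamAV update process started at Sun Apr 25 18:52:39 2021
Sun Apr 25 18:52:39 2021 -> daily database available for download (remote version: 26151)
Sun Apr 25 18:53:09 2021 -> WARNING: Download failed (28) Sun Apr 25 18:53:09 2021 -> WARNING:  Message: Timeout was reached
Sun Apr 25 18:53:09 2021 -> WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sun Apr 25 18:53:09 2021 -> Trying again in 5 secs...
Sun Apr 25 18:53:14 2021 -> daily database available for download (remote version: 26151)
Sun Apr 25 18:53:44 2021 -> WARNING: Download failed (28) Sun Apr 25 18:53:44 2021 -> WARNING:  Message: Timeout was reached
Sun Apr 25 18:53:44 2021 -> WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sun Apr 25 18:53:44 2021 -> Trying again in 5 secs...
Sun Apr 25 18:53:49 2021 -> daily database available for download (remote version: 26151)
Sun Apr 25 18:54:19 2021 -> WARNING: Download failed (28) Sun Apr 25 18:54:19 2021 -> WARNING:  Message: Timeout was reached
Sun Apr 25 18:54:19 2021 -> WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sun Apr 25 18:54:19 2021 -> Trying again in 5 secs...
Sun Apr 25 18:54:59 2021 -> WARNING: constructed line: you are on cool-down
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
START_RE = re.compile(r"^(\w+) database available for (?:download|update)")
FAIL_RE = re.compile(r"Can't download ([\w.-]+) from \S+")
RETRY_RE = re.compile(r"Trying again in (\d+) secs")


def parse_lines(text):
    """Yield (timestamp, message); lines without a parseable timestamp are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue
        yield ts, m.group(2)


def analyze(text, window=timedelta(hours=1), budget=2):
    """Summarise failed downloads per file and report when the cool-down began."""
    started = {}       # database name -> time the current attempt began
    files = {}         # file name -> facts collected from the log
    last_failed = None
    cooldown_at = None
    for ts, msg in parse_lines(text):
        if (m := START_RE.match(msg)):
            started[m.group(1)] = ts
        elif (m := FAIL_RE.search(msg)):
            name = m.group(1)
            db = name.split(".")[0].split("-")[0]
            info = files.setdefault(name, {"stamps": [], "timeouts": set(), "retries": set()})
            info["stamps"].append(ts)
            if db in started:
                # Time from attempt start to failure is the timeout actually in effect.
                info["timeouts"].add(int((ts - started[db]).total_seconds()))
            last_failed = name
        elif (m := RETRY_RE.search(msg)) and last_failed:
            files[last_failed]["retries"].add(int(m.group(1)))
        elif "cool-down" in msg and cooldown_at is None:
            cooldown_at = ts

    report = {}
    for name, info in files.items():
        stamps = sorted(info["stamps"])
        worst = lo = 0
        for hi, ts in enumerate(stamps):      # largest failure count in any window
            while ts - stamps[lo] > window:
                lo += 1
            worst = max(worst, hi - lo + 1)
        report[name] = {
            "failures": len(stamps),
            "worst_window": worst,
            "timeouts_s": sorted(info["timeouts"]),
            "retry_delays_s": sorted(info["retries"]),
            "storm": worst > budget,
        }
    return report, cooldown_at


if __name__ == "__main__":
    summary, cooldown = analyze(SAMPLE_LOG)
    print(summary, cooldown)
```

On the posted excerpt this reports three failed daily.cvd downloads inside two minutes, each abandoned after 30 seconds with a 5-second retry, which matches the `ReceiveTimeout 30` behaviour described in the post.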

[clamav-users] Update on rate limits and downloading

2021-05-06 Thread Joel Esler (jesler) via clamav-users
Overall — we’re doing much better.

We’ve reduced the amount of bandwidth we’re serving by 4x, so we’ve made 
significant progress.

However, we still have over 700 individual systems downloading the full 
daily.cvd over 200x a day. (This should be once a day, if that.)

If you are not using 0.103.2 and its accompanying FreshClam to download these 
updates, and when you do create a NEW FreshClam.conf file and move your 
settings to that.  We’re going to have to start blocking these atrocious 
abusers, as the rate limits are hurting everyone else at this point.

Please help us, stay diligent, keep going keep upgrading.  Upgrade to 0.103.2, 
and keep your mirrors.dat file around, this file contains a snapshot of where 
you are in your update progression so that the next time that FreshClam runs, it 
can start where it left off.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
https://www.talosintelligence.com | https://www.snort.org | 
https://www.clamav.net



[clamav-users] update 25717 clamdmon showing NO OK

2020-02-07 Thread Mark Moshe Kaye

from clam-update.log:

--
ClamAV update process started at Fri Feb  7 06:57:01 2020
daily database available for update (local version: 25716, remote version: 25717)
Testing database: '/usr/local/share/clamav/tmp.e1a28/clamav-19a0fec778f453c2ae9e9c0a247a66ca.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 25717, sigs: 2177826, f-level: 63, builder: raynman)
main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

--
ClamAV update process started at Fri Feb  7 07:22:42 2020
daily.cld database is up to date (version: 25717, sigs: 2177826, f-level: 63, builder: raynman)
main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

--

The problem with clamdmon started as of version 25717.

from clamd.log :

stream(127.0.0.1@1649): Eicar-Test-Signature FOUND
stream(127.0.0.1@1611): Eicar-Test-Signature FOUND
SelfCheck: Database modification detected. Forcing reload.
Reading databases from /usr/local/share/clamav
Database correctly reloaded (6732642 signatures)
stream(127.0.0.1@1072): Clamav.Test.File-7 FOUND
stream(127.0.0.1@1277): Clamav.Test.File-7 FOUND
stream(127.0.0.1@2008): Clamav.Test.File-7 FOUND  <- please note name change.


from clamdmon:

[12:13:27 root ~]# /usr/local/sbin/clamdmon -p /tmp/clamd
Looks like ClamAV daemon is not OK. Check up database integrity and restart daemon



I believe that clamdmon will fail unless it detects that name, 
Eicar-Test-Signature.


HTH,

~moshe
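
The failure mode suspected in this post, a health probe tied to one signature name, can be reproduced offline. This is an added example and not clamdmon's code, which the thread does not show: the probe, the stand-in payload and the fake daemon are hypothetical, while the INSTREAM framing and the two signature names come from clamd and from the clamd.log above.

```python
import socket
import struct
import threading

# Constructed stand-in for the test file a monitor would submit.
TEST_PAYLOAD = b"constructed probe payload"


def frame_instream(payload, chunk_size=2048):
    """Encode payload for clamd's INSTREAM command: NUL-terminated command,
    then <4-byte big-endian length><data> chunks, ended by a zero-length chunk."""
    parts = [b"zINSTREAM\0"]
    for i in range(0, len(payload), chunk_size):
        chunk = payload[i:i + chunk_size]
        parts.append(struct.pack("!I", len(chunk)) + chunk)
    parts.append(struct.pack("!I", 0))
    return b"".join(parts)


def classify_reply(reply):
    """Map a clamd reply such as b'stream: <name> FOUND\\0' to (status, signature)."""
    text = reply.rstrip(b"\0\r\n").decode("utf-8", "replace")
    verdict = text.partition(": ")[2]
    if verdict.endswith(" FOUND"):
        return "FOUND", verdict[: -len(" FOUND")]
    if verdict == "OK":
        return "OK", None
    return "ERROR", text


def probe(sock, payload, expected_name=None):
    """Send payload and return (healthy, signature).
    With expected_name set, only that exact signature counts as healthy."""
    sock.sendall(frame_instream(payload))
    reply = b""
    while not reply.endswith(b"\0"):
        data = sock.recv(4096)
        if not data:
            break
        reply += data
    status, name = classify_reply(reply)
    healthy = status == "FOUND" and (expected_name is None or name == expected_name)
    return healthy, name


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        data = sock.recv(n - len(buf))
        if not data:
            raise ConnectionError("peer closed early")
        buf += data
    return buf


def fake_clamd(sock, signature):
    """Constructed stand-in for clamd: reads one INSTREAM request, reports `signature`."""
    if recv_exact(sock, 10) != b"zINSTREAM\0":
        sock.sendall(b"UNKNOWN COMMAND\0")
        return
    while True:
        (size,) = struct.unpack("!I", recv_exact(sock, 4))
        if size == 0:
            break
        recv_exact(sock, size)
    sock.sendall(f"stream: {signature} FOUND".encode() + b"\0")


def run_probe(signature, expected_name=None):
    """Run probe() against fake_clamd() over a local socket pair."""
    client, server = socket.socketpair()
    client.settimeout(5)
    worker = threading.Thread(target=fake_clamd, args=(server, signature))
    worker.start()
    try:
        return probe(client, TEST_PAYLOAD, expected_name)
    finally:
        worker.join()
        client.close()
        server.close()


if __name__ == "__main__":
    # Before the database update: the pinned name still matches.
    print(run_probe("Eicar-Test-Signature", "Eicar-Test-Signature"))
    # After the rename: a pinned probe reports "not OK" although the daemon detects.
    print(run_probe("Clamav.Test.File-7", "Eicar-Test-Signature"))
    # Accepting any FOUND verdict survives signature renames.
    print(run_probe("Clamav.Test.File-7"))
```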









Re: [clamav-users] update 25717 clamdmon showing NO OK

2020-02-07 Thread Joel Esler (jesler) via clamav-users
Any additional logs you can provide?

-- 
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com


On 2/7/20, 7:59 AM, "clamav-users on behalf of Mark Moshe Kaye" wrote:

Hi All,

As of daily.cld update 25717 my clamdmon process no longer works 
although clamd still shows an ok status and clamd.log is showing 
stream(127.0.0.1@1957): Clamav.Test.File-7 FOUND.

Advise please!

Thank you,

~Moshe





[clamav-users] update 25717 clamdmon showing NO OK

2020-02-07 Thread Mark Moshe Kaye

Hi All,

As of daily.cld update 25717 my clamdmon process no longer works 
although clamd still shows an ok status and clamd.log is showing 
stream(127.0.0.1@1957): Clamav.Test.File-7 FOUND.


Advise please!

Thank you,

~Moshe





Re: [clamav-users] Update policy for clamd@.service

2019-08-26 Thread Herbert via clamav-users
RESOLVED with help of 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-Managing_Services_with_systemd-Unit_Files#brid-Managing_Services_with_systemd-Extending_Unit_Config


I simply had to (removed former approach first):

1) cp /usr/lib/systemd/clam@.service  /etc/systemd/system/
2) made my changes in copied file
3) performed systemctl daemon-reload
4) Checked changes with systemd-delta:
[.. snippet ..]
[OVERRIDDEN] /etc/systemd/system/clamd@.service → 
/usr/lib/systemd/system/clamd@.service


--- /usr/lib/systemd/system/clamd@.service  2019-08-23 
17:07:29.0 +0200

+++ /etc/systemd/system/clamd@.service  2019-08-26 14:17:31.144758369 +0200
@@ -1,5 +1,5 @@
 [Unit]
-Description = clamd scanner (%i) daemon
+Description = Customized clamd scanner (%i) daemon
 Documentation=man:clamd(8) man:clamd.conf(5) 
https://www.clamav.net/documents/

 # Check for database existence
 # ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc}
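Review bot: the Description edit at line 2 is cosmetic, yet it ships as part of a full copy of the unit under /etc/systemd/system (the [OVERRIDDEN] entry above), so later package changes to /usr/lib/systemd/system/clamd@.service will no longer take effect. Suggest dropping this edit and carrying only the timeout change in a drop-in that contains nothing but a [Service] section.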
@@ -9,4 +9,5 @@
 [Service]
 Type = forking
 ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
-Restart = on-failure
+#Restart = on-failure
+TimeoutSec = 600
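Review bot: commenting out Restart = on-failure in [Service] means clamd stays down after any crash, not only after a start timeout, so scanning can stop without anyone noticing. TimeoutSec = 600 also raises the stop timeout, since TimeoutSec sets both TimeoutStartSec and TimeoutStopSec. Suggest keeping Restart = on-failure and using TimeoutStartSec = 600 if only startup needs the extra time.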

Thanks to everyone who helped. Great community indeed!



On 26.08.2019 11:27, Fajar A. Nugraha via clamav-users wrote:
On Mon, Aug 26, 2019 at 4:18 PM Herbert via clamav-users <clamav-users@lists.clamav.net> wrote:


Hi all,

System Fedora 5.2.9-200.fc30.x86_64
ClamAv 0.101.4


I wonder why a DNF update changes my customized
/usr/lib/systemd/clam@,service file.


... because you shouldn't have modified that file?
https://docs.fedoraproject.org/en-US/quick-docs/understanding-and-administering-systemd/#modifying-existing-systemd-services

Background:
I had to add/change the following configurations in above
mentioned file
to overcome
a timeout issue.

TimeOutSec = 600
#Restart = on-failure        # to avoid restarting on timeout failure


If it's an addition, you could probably use systemd drop-in 
configuration file instead, e.g.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-Managing_Services_with_systemd-Unit_Files#brid-Managing_Services_with_systemd-Extending_Unit_Config

IMHO an update should not change the service files, but instead
install
a new version of this file(s)
with an appropriate extension. In addition DNF update should inform
about this with a warning.


Are you sure you're not confusing /usr/lib/systemd with files under 
/etc ? AFAIK what you wrote is correct for files in /etc.


--
Fajar



Re: [clamav-users] Update policy for clamd@.service

2019-08-26 Thread Reio Remma via clamav-users
You only need:

[Service]
TimeoutSec = 600

Good luck,
Reio

> On 26 Aug 2019, at 14:22, Herbert via clamav-users 
>  wrote:
> 
> Followed instructions on how to customize an existing systemd service:
> 
> 1) Created new folder /etc/systemd/system/clamd@.service.d
> 
> 2) Created new file /etc/systemd/system/clamd@.service.d/custom.conf
> [Unit]
> Description = Customized clamd scanner (%i) daemon
> Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
> # Check for database existence
> # ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc}
> # ConditionPathExistsGlob=@DBDIR@/daily.{c[vl]d,inc}
> After = syslog.target nss-lookup.target network.target
> [Service]
> Type = forking
> ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
> #Restart = on-failure
> TimeoutSec = 600
> 
> 3) systemctl status clamd@scan.service reports an error:
> Warning: The unit file, source configuration file or drop-ins of 
> clamd@scan.service changed on disk. Run 'systemctl daemon-reload' to reload 
> units.
> ● clamd@scan.service - Customized clamd scanner (scan) daemon
>Loaded: bad-setting (Reason: Unit clamd@scan.service has a bad unit file 
> setting.)
>   Drop-In: /etc/systemd/system/clamd@.service.d
>└─custom.conf
>Active: inactive (dead)
>  Docs: man:clamd(8)
>man:clamd.conf(5)
>https://www.clamav.net/documents/
>man:clamd(8)
>man:clamd.conf(5)
>https://www.clamav.net/documents/
> 
> clamd@scan.service: Service has more than one ExecStart= setting, which is 
> only allowed for Type=oneshot services. Refusing.
> 
> What am I missing?
> 
> 
>> On 26.08.2019 12:08, Reio Remma via clamav-users wrote:
>>> On 26/08/2019 12:27, Fajar A. Nugraha via clamav-users wrote:
>>> On Mon, Aug 26, 2019 at 4:18 PM Herbert via clamav-users wrote:
>>>> Hi all,
>>>>
>>>> System Fedora 5.2.9-200.fc30.x86_64
>>>> ClamAv 0.101.4
>>>>
>>>>
>>>> I wonder why a DNF update changes my customized
>>>> /usr/lib/systemd/clam@,service file.
>>>>
>>> 
>>> ... because you shouldn't have modified that file?
>>> https://docs.fedoraproject.org/en-US/quick-docs/understanding-and-administering-systemd/#modifying-existing-systemd-services
>>> 
>>>  
>> 
>> Thanks for that link!
>> 
>> I'm having to modify service configuration as well due to fairly outdated 
>> hardware where clamd loads about 3 minutes.
>> 
>> Probably ought to bugrep it to Fedora/CentOS etc.
>> 
>> Thanks,
>> Reio
>> 
>> 


Re: [clamav-users] Update policy for clamd@.service

2019-08-26 Thread Herbert via clamav-users

Followed instructions on how to customize an existing systemd service:

1) Created new folder /etc/systemd/system/clamd@.service.d

2) Created new file /etc/systemd/system/clamd@.service.d/custom.conf
[Unit]
Description = Customized clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/

# Check for database existence
# ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc}
# ConditionPathExistsGlob=@DBDIR@/daily.{c[vl]d,inc}
After = syslog.target nss-lookup.target network.target
[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
#Restart = on-failure
TimeoutSec = 600

3) systemctl status clamd@scan.service reports an error:
Warning: The unit file, source configuration file or drop-ins of 
clamd@scan.service changed on disk. Run 'systemctl daemon-reload' to 
reload units.

● clamd@scan.service - Customized clamd scanner (scan) daemon
   Loaded: bad-setting (Reason: Unit clamd@scan.service has a bad unit 
file setting.)

  Drop-In: /etc/systemd/system/clamd@.service.d
   └─custom.conf
   Active: inactive (dead)
 Docs: man:clamd(8)
   man:clamd.conf(5)
   https://www.clamav.net/documents/
   man:clamd(8)
   man:clamd.conf(5)
   https://www.clamav.net/documents/

clamd@scan.service: Service has more than one ExecStart= setting, which 
is only allowed for Type=oneshot services. Refusing.


What am I missing?


On 26.08.2019 12:08, Reio Remma via clamav-users wrote:

On 26/08/2019 12:27, Fajar A. Nugraha via clamav-users wrote:
On Mon, Aug 26, 2019 at 4:18 PM Herbert via clamav-users <clamav-users@lists.clamav.net> wrote:


Hi all,

System Fedora 5.2.9-200.fc30.x86_64
ClamAv 0.101.4


I wonder why a DNF update changes my customized
/usr/lib/systemd/clam@,service file.


... because you shouldn't have modified that file?
https://docs.fedoraproject.org/en-US/quick-docs/understanding-and-administering-systemd/#modifying-existing-systemd-services



Thanks for that link!

I'm having to modify service configuration as well due to fairly 
outdated hardware where clamd loads about 3 minutes.


Probably ought to bugrep it to Fedora/CentOS etc.

Thanks,
Reio
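
The "more than one ExecStart=" refusal above follows from how systemd merges a drop-in into the vendor unit, and the reply "You only need: [Service] TimeoutSec = 600" avoids it. The following added example (not from the thread or from systemd) models that merge in a small lint. The vendor unit is rebuilt only from the lines visible in the diff on this page, and the reset variant with its `custom-%i.conf` path goes beyond the thread and is hypothetical.

```python
# Settings that systemd treats as lists: each assignment appends, and an empty
# assignment (for example "ExecStart=") clears what was collected so far.
LIST_KEYS = {"ExecStart", "ExecStartPre", "ExecStartPost", "ExecStop",
             "ExecReload", "Documentation"}

# Vendor unit, rebuilt from the diff context on this page (other lines omitted).
VENDOR_UNIT = """\
[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/

[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
Restart = on-failure
"""

# The drop-in from the post: a full copy of the unit with two edits.
FULL_COPY_DROPIN = """\
[Unit]
Description = Customized clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target
[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
#Restart = on-failure
TimeoutSec = 600
"""

# The reply's version: only the setting that changes.
MINIMAL_DROPIN = """\
[Service]
TimeoutSec = 600
"""

# Beyond the thread: replacing the command needs an explicit reset first.
# The custom-%i.conf path is hypothetical.
RESET_DROPIN = """\
[Service]
ExecStart =
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/custom-%i.conf
TimeoutSec = 600
"""


def parse_unit(text):
    """Return [(section, key, value)] in file order; comments and blanks are skipped."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section:
            key, _, value = line.partition("=")
            entries.append((section, key.strip(), value.strip()))
    return entries


def merge(*fragments):
    """Apply fragments in order (vendor unit first, then drop-ins)."""
    merged = {}
    for text in fragments:
        for section, key, value in parse_unit(text):
            sec = merged.setdefault(section, {})
            if key in LIST_KEYS:
                if value == "":
                    sec[key] = []                       # explicit reset
                else:
                    sec.setdefault(key, []).append(value)
            else:
                sec[key] = value                        # last assignment wins
    return merged


def lint_dropin(vendor, dropin):
    """Report the error systemd would raise and settings the drop-in merely repeats."""
    service = merge(vendor, dropin).get("Service", {})
    errors = []
    if len(service.get("ExecStart", [])) > 1 and service.get("Type", "simple") != "oneshot":
        errors.append("more than one ExecStart= for a non-oneshot service")
    vendor_entries = set(parse_unit(vendor))
    redundant = [f"[{s}] {k}" for s, k, v in parse_unit(dropin)
                 if (s, k, v) in vendor_entries]
    return {"errors": errors, "redundant": redundant, "service": service}


if __name__ == "__main__":
    for label, dropin in [("full copy", FULL_COPY_DROPIN),
                          ("minimal", MINIMAL_DROPIN),
                          ("reset", RESET_DROPIN)]:
        result = lint_dropin(VENDOR_UNIT, dropin)
        print(label, result["errors"], result["redundant"])
```

The merged result for the full-copy drop-in still has `Restart = on-failure`, because a commented-out line in a drop-in does not unset the vendor value, and it carries two Documentation entries, matching the duplicated Docs lines in the status output above.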



Re: [clamav-users] Update policy for clamd@.service

2019-08-26 Thread Reio Remma via clamav-users

On 26/08/2019 12:27, Fajar A. Nugraha via clamav-users wrote:
On Mon, Aug 26, 2019 at 4:18 PM Herbert via clamav-users <clamav-users@lists.clamav.net> wrote:


Hi all,

System Fedora 5.2.9-200.fc30.x86_64
ClamAv 0.101.4


I wonder why a DNF update changes my customized
/usr/lib/systemd/clam@,service file.


... because you shouldn't have modified that file?
https://docs.fedoraproject.org/en-US/quick-docs/understanding-and-administering-systemd/#modifying-existing-systemd-services



Thanks for that link!

I'm having to modify service configuration as well due to fairly 
outdated hardware where clamd loads about 3 minutes.


Probably ought to bugrep it to Fedora/CentOS etc.

Thanks,
Reio



Re: [clamav-users] Update policy for clamd@.service

2019-08-26 Thread Herbert via clamav-users

Thanks for your hints!
Didn't know how to properly customize a service.
Will of course dive into that topic.

On 26.08.2019 11:27, Fajar A. Nugraha via clamav-users wrote:
On Mon, Aug 26, 2019 at 4:18 PM Herbert via clamav-users <clamav-users@lists.clamav.net> wrote:


Hi all,

System Fedora 5.2.9-200.fc30.x86_64
ClamAv 0.101.4


I wonder why a DNF update changes my customized
/usr/lib/systemd/clam@,service file.


... because you shouldn't have modified that file?
https://docs.fedoraproject.org/en-US/quick-docs/understanding-and-administering-systemd/#modifying-existing-systemd-services

Background:
I had to add/change the following configurations in above
mentioned file
to overcome
a timeout issue.

TimeOutSec = 600
#Restart = on-failure        # to avoid restarting on timeout failure


If it's an addition, you could probably use systemd drop-in 
configuration file instead, e.g.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-Managing_Services_with_systemd-Unit_Files#brid-Managing_Services_with_systemd-Extending_Unit_Config

IMHO an update should not change the service files, but instead
install
a new version of this file(s)
with an appropriate extension. In addition DNF update should inform
about this with a warning.


Are you sure you're not confusing /usr/lib/systemd with files under 
/etc ? AFAIK what you wrote is correct for files in /etc.


--
Fajar



Re: [clamav-users] Update policy for clamd@.service

2019-08-26 Thread Fajar A. Nugraha via clamav-users
On Mon, Aug 26, 2019 at 4:18 PM Herbert via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi all,
>
> System Fedora 5.2.9-200.fc30.x86_64
> ClamAv 0.101.4
>
>
> I wonder why a DNF update changes my customized
> /usr/lib/systemd/clam@,service file.
>
>
... because you shouldn't have modified that file?
https://docs.fedoraproject.org/en-US/quick-docs/understanding-and-administering-systemd/#modifying-existing-systemd-services



> Background:
> I had to add/change the following configurations in above mentioned file
> to overcome
> a timeout issue.
>
> TimeOutSec = 600
> #Restart = on-failure        # to avoid restarting on timeout failure
>
>
If it's an addition, you could probably use systemd drop-in configuration
file instead, e.g.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-Managing_Services_with_systemd-Unit_Files#brid-Managing_Services_with_systemd-Extending_Unit_Config


> IMHO an update should not change the service files, but  instead install
> a new version of this file(s)
> with an appropriate extension. In addition DNF update should inform
> about this with a warning.
>
>
Are you sure you're not confusing /usr/lib/systemd with files under /etc ?
AFAIK what you wrote is correct for files in /etc.

-- 
Fajar



[clamav-users] Update policy for clamd@.service

2019-08-26 Thread Herbert via clamav-users

Corrected typo in filename.

Hi all,

System Fedora 5.2.9-200.fc30.x86_64
ClamAv 0.101.4


I wonder why a DNF update changes my customized 
/usr/lib/systemd/clam@.service file.


Background:
I had to add/change the following configurations in above mentioned file 
to overcome

a timeout issue.

TimeOutSec = 600
#Restart = on-failure        # to avoid restarting on timeout failure

IMHO an update should not change the service files, but  instead install 
a new version of this file(s)
with an appropriate extension. In addition DNF update should inform 
about this with a warning.


Kind regards,
Herbert




[clamav-users] Update policy for clamd@.service

2019-08-26 Thread Herbert via clamav-users

Hi all,

System Fedora 5.2.9-200.fc30.x86_64
ClamAv 0.101.4


I wonder why a DNF update changes my customized 
/usr/lib/systemd/clam@,service file.


Background:
I had to add/change the following configurations in above mentioned file 
to overcome

a timeout issue.

TimeOutSec = 600
#Restart = on-failure        # to avoid restarting on timeout failure

IMHO an update should not change the service files, but  instead install 
a new version of this file(s)
with an appropriate extension. In addition DNF update should inform 
about this with a warning.


Kind regards,
Herbert



Re: [clamav-users] Update Frequency (15 min or 10 mins)

2019-08-13 Thread Joel Esler (jesler) via clamav-users
And to further answer your question, at present, we are only updating the 
daily.cvd daily.

> On Aug 13, 2019, at 8:23 AM, Reio Remma via clamav-users 
>  wrote:
> 
> On 13/08/2019 15:17, Manna, Mohammed via clamav-users wrote:
>> Hello,
>>  
>> From the docs – it says that the most frequent update of clam AV definitions 
>> is 4 times an hour (e.g. every 15 mins).
>> 
>> However, we were investigating the clamAV logs, and it shows the following:
>>  
>> Tue Aug 13 12:11:01 2019 -> Self checking every 600 seconds.
>>  
>> Our confusion is here – is it actually the definition update frequency, or 
>> something else.
>> 
>> Apologies for any incorrect assumptions.
>> 
>> Regards,
>> MAnna
> 
> That's the interval at which ClamAV checks its local database files.
> 
> Good luck,
> Reio
> 


Re: [clamav-users] Update Frequency (15 min or 10 mins)

2019-08-13 Thread Reio Remma via clamav-users

On 13/08/2019 15:17, Manna, Mohammed via clamav-users wrote:


Hello,

From the docs – it says that the most frequent update of clam AV 
definitions is 4 times an hour (e.g. every 15 mins).


However, we were investigating the clamAV logs, and it shows the 
following:


Tue Aug 13 12:11:01 2019 -> Self checking every 600 seconds.

Our confusion is here – is it actually the definition update 
frequency, or something else.


Apologies for any incorrect assumptions.

Regards,
MAnna



That's the interval at which ClamAV checks its local database files.

Good luck,
Reio



[clamav-users] Update Frequency (15 min or 10 mins)

2019-08-13 Thread Manna, Mohammed via clamav-users
Hello,

From the docs - it says that the most frequent update of clam AV definitions 
is 4 times an hour (e.g. every 15 mins).

However, we were investigating the clamAV logs, and it shows the following:

Tue Aug 13 12:11:01 2019 -> Self checking every 600 seconds.

Our confusion is here - is it actually the definition update frequency, or 
something else.

Apologies for any incorrect assumptions.

Regards,
MAnna




Re: [clamav-users] Update Failure

2019-04-23 Thread Michael Newman via clamav-users

> On Apr 23, 2019, at 23:00, Al Varnell wrote:
> 
> Appears to have been a failure regarding your Internet connection at the 
> time. Probably a short outage. I'm not seeing any issues from where I am on 
> the West Coast at this time.

Yes, you’re right. I went back and checked logs and found that my network was 
down, very briefly, at the same time as the update.

Last night’s update was successful, as usual.

Thanks.


Re: [clamav-users] Update Failure

2019-04-23 Thread Micah Snyder (micasnyd) via clamav-users
I have been working on a major update to freshclam, and have coincidentally 
already removed that in my working branch.  😊

-Micah

From: clamav-users  on behalf of "Joel 
Esler (jesler) via clamav-users" 
Reply-To: ClamAV users ML 
Date: Tuesday, April 23, 2019 at 2:07 PM
To: ClamAV users ML 
Cc: "Joel Esler (jesler)" , Michael Newman 
Subject: Re: [clamav-users] Update Failure

We should probably remove that "official-mirror-faq" link from freshclam.

There are no "mirrors" anymore. :)

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com


On Apr 22, 2019, at 5:43 PM, Michael Newman via clamav-users <clamav-users@lists.clamav.net> wrote:

I’ve not had trouble updating in the past, but last night:

Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): WARNING: Can't get information about db.US.clamav.net: nodename nor servname provided, or not known
WARNING: Can't read main.cvd header from db.US.clamav.net (IP: )
Trying again in 5 secs…


And


Update failed. Your network may be down or none of the mirrors listed in 
/opt/local/etc/freshclam.conf is working. Check 
https://www.clamav.net/documents/official-mirror-faq for possible reasons.


But, when I check the official-mirror-faq I get a 404 error.


What do I need to do to fix this?







Re: [clamav-users] Update Failure

2019-04-23 Thread Joel Esler (jesler) via clamav-users
We should probably remove that "official-mirror-faq" link from freshclam.

There are no "mirrors" anymore. :)

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

On Apr 22, 2019, at 5:43 PM, Michael Newman via clamav-users <clamav-users@lists.clamav.net> wrote:

I’ve not had trouble updating in the past, but last night:

Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): WARNING: Can't get information about 
db.US.clamav.net: nodename nor servname provided, or 
not known
WARNING: Can't read main.cvd header from 
db.US.clamav.net (IP: )
Trying again in 5 secs…

And

Update failed. Your network may be down or none of the mirrors listed in 
/opt/local/etc/freshclam.conf is working. Check 
https://www.clamav.net/documents/official-mirror-faq for possible reasons.

But, when I check the official-mirror-faq I get a 404 error.

What do I need to do to fix this?





Re: [clamav-users] Update Failure

2019-04-22 Thread Al Varnell via clamav-users
Appears to have been a failure regarding your Internet connection at the time. 
Probably a short outage. I'm not seeing any issues from where I am on the West 
Coast at this time.

The mirror FAQ doesn't exist any more and should be replaced or removed from 
those instructions.

-Al-

On Mon, Apr 22, 2019 at 02:43 PM, Michael Newman via clamav-users wrote:
> I’ve not had trouble updating in the past, but last night:
> 
> Querying current.cvd.clamav.net 
> WARNING: Can't query current.cvd.clamav.net 
> WARNING: Invalid DNS reply. Falling back to HTTP mode.
> If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
> Reading CVD header (main.cvd): WARNING: Can't get information about 
> db.US.clamav.net: nodename nor servname provided, or not known
> WARNING: Can't read main.cvd header from db.US.clamav.net (IP: )
> Trying again in 5 secs…
> 
> And
> 
> Update failed. Your network may be down or none of the mirrors listed in 
> /opt/local/etc/freshclam.conf is working. Check 
> https://www.clamav.net/documents/official-mirror-faq for possible reasons.
> 
> But, when I check the official-mirror-faq I get a 404 error.
> 
> What do I need to do to fix this?



[clamav-users] Update Failure

2019-04-22 Thread Michael Newman via clamav-users
I’ve not had trouble updating in the past, but last night:

Querying current.cvd.clamav.net 
WARNING: Can't query current.cvd.clamav.net 
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): WARNING: Can't get information about 
db.US.clamav.net: nodename nor servname provided, or not known
WARNING: Can't read main.cvd header from db.US.clamav.net (IP: )
Trying again in 5 secs…

And

Update failed. Your network may be down or none of the mirrors listed in 
/opt/local/etc/freshclam.conf is working. Check 
https://www.clamav.net/documents/official-mirror-faq for possible reasons.

But, when I check the official-mirror-faq I get a 404 error.

What do I need to do to fix this?





Re: [clamav-users] Update Issue after updating to 0.100.2

2019-03-08 Thread Micah Snyder (micasnyd) via clamav-users
Hi Sébastien,

Can you try enabling “Debug yes” in the freshclam.conf to get debug output?
This morning I also observed an issue with 0.101.0 loading the daily database, 
but wasn’t able to reproduce with 0.101.1 and am still uncertain what caused 
the error.

Micah

From: clamav-users on behalf of Sebastien Tete
Reply-To: ClamAV users ML 
Date: Friday, March 8, 2019 at 10:39 AM
To: "clamav-users@lists.clamav.net" 
Subject: Re: [clamav-users] Update Issue after updating to 0.100.2


Need to correct my original msg. The update was from 0.100.2 to 101.1.
On 08.03.19 16:04, Sebastien Tete wrote:

Hi clamav-users,

We are using clamav now for some years and we were able to solve all
issues ourself.

Now I can't figure out what the problem is. I did hours of research
without any good matches.

It starts occurring after update from 0.100.1 to 0.100.2.

We just updated, nothing else, kept previous configurations.

We are using the event "OnErrorExecute"

This event now triggers on like 80% on all systems.

Usually the output in freshclam.log looks like this:

Received signal: wake up
ClamAV update process started at Fri Mar  8 11:27:31 2019
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
builder: sigmgr)
Downloading daily-25382.cdiff [100%]
ERROR: Database load killed by signal 11
ERROR: Failed to load new database

Our configuration is without debug.

If I run "freshclam -v" the problem never happens.

So I am unable to get Debug output for this scenario.

You can find these ERROR Message in google, but they are very very old
and those issues don't share any similarities with our situations, at
least this is what I think. Maybe I am wrong.

On some systems I deleted all cache data/all sigs.

On those systems the scheduled updates downloaded everything until all
sigs were up2date. All good!

Few days later, the same issue occurred :/

Please advise me in how to continue in debugging or fixing.

Thanks a lot

Sébastien Tête



Re: [clamav-users] Update Issue after updating to 0.100.2

2019-03-08 Thread Sebastien Tete
Need to correct my original msg. The update was from 0.100.2 to 101.1.

On 08.03.19 16:04, Sebastien Tete wrote:
> Hi clamav-users,
>
> We are using clamav now for some years and we were able to solve all
> issues ourself.
>
> Now I can't figure out what the problem is. I did hours of research
> without any good matches.
>
>
>
> It starts occurring after update from 0.100.1 to 0.100.2.
>
> We just updated, nothing else, kept previous configurations.
>
> We are using the event "OnErrorExecute"
>
> This event now triggers on like 80% on all systems.
>
>
> Usually the output in freshclam.log looks like this:
>
> Received signal: wake up
> ClamAV update process started at Fri Mar  8 11:27:31 2019
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
> builder: sigmgr)
> Downloading daily-25382.cdiff [100%]
> ERROR: Database load killed by signal 11
> ERROR: Failed to load new database
>
> Our configuration is without debug.
>
> If I run "freshclam -v" the problem never happens.
>
> So I am unable to get Debug output for this scenario.
>
>
> You can find these ERROR Message in google, but they are very very old
> and those issues don't share any similarities with our situations, at
> least this is what I think. Maybe I am wrong.
>
>
> On some systems I deleted all cache data/all sigs.
>
> On those systems the scheduled updates downloaded everything until all
> sigs were up2date. All good!
>
> Few days later, the same issue occurred :/
>
>
> Please advise me in how to continue in debugging or fixing.
>
> Thanks a lot
>
> Sébastien Tête




[clamav-users] Update Issue after updating to 0.100.2

2019-03-08 Thread Sebastien Tete
Hi clamav-users,

We are using clamav now for some years and we were able to solve all
issues ourself.

Now I can't figure out what the problem is. I did hours of research
without any good matches.



It starts occurring after update from 0.100.1 to 0.100.2.

We just updated, nothing else, kept previous configurations.

We are using the event "OnErrorExecute"

This event now triggers on like 80% on all systems.


Usually the output in freshclam.log looks like this:

Received signal: wake up
ClamAV update process started at Fri Mar  8 11:27:31 2019
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
builder: sigmgr)
Downloading daily-25382.cdiff [100%]
ERROR: Database load killed by signal 11
ERROR: Failed to load new database

Our configuration is without debug.

If I run "freshclam -v" the problem never happens.

So I am unable to get Debug output for this scenario.


You can find these ERROR Message in google, but they are very very old
and those issues don't share any similarities with our situations, at
least this is what I think. Maybe I am wrong.


On some systems I deleted all cache data/all sigs.

On those systems the scheduled updates downloaded everything until all
sigs were up2date. All good!

Few days later, the same issue occurred :/


Please advise me in how to continue in debugging or fixing.

Thanks a lot

Sébastien Tête
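
A triage sketch for the freshclam log lines quoted in these threads, as an added example that is not part of the original post and not ClamAV's own code. It separates lines that mean new signatures were not installed from transient network warnings, so a monitoring hook can alert on the former; the category names, severities and the `triage` function are assumptions of this example.

```python
import ipaddress
import re

# Sample input: freshclam log lines quoted in the messages on this page,
# joined into one text so the example runs offline.
SAMPLE_LOG = """\
ClamAV update process started at Fri Mar  8 11:27:31 2019
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-25382.cdiff [100%]
ERROR: Database load killed by signal 11
ERROR: Failed to load new database
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
WARNING: Can't read main.cvd header from db.US.clamav.net (IP: )
Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101: Network is unreachable
Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
"""

# Optional "Sat Jun 30 18:49:53 2018 -> " prefix seen in some of the logs.
TIMESTAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} -> ")

# (category, severity, pattern). Names and severities are this example's own:
# "critical" marks lines saying the new database was not put into service.
RULES = [
    ("db_load_crash", "critical",
     re.compile(r"Database load killed by signal (?P<sig>\d+)")),
    ("db_load_failed", "critical", re.compile(r"Failed to load new database")),
    ("update_failed", "critical", re.compile(r"^Update failed\.")),
    ("dns_fallback", "warning",
     re.compile(r"Invalid DNS reply|Can't query \S+")),
    ("cvd_header_unreadable", "warning",
     re.compile(r"Can't read (?P<db>\S+) header from (?P<host>\S+) "
                r"\(IP: (?P<ip>[^)]*)\)")),
    ("connect_failed", "warning",
     re.compile(r"Can't connect to port (?P<port>\d+) of host (?P<host>\S+) "
                r"\(IP: (?P<ip>[^)]*)\)")),
    ("net_unreachable", "warning", re.compile(r"errno=101\b")),  # ENETUNREACH on Linux
]

SEVERITY_ORDER = {"ok": 0, "warning": 1, "critical": 2}


def classify(line):
    """Return a finding dict for one log line, or None if the line is routine."""
    text = TIMESTAMP.sub("", line.strip())
    for category, severity, pattern in RULES:
        match = pattern.search(text)
        if not match:
            continue
        finding = {"category": category, "severity": severity, "line": text}
        finding.update(match.groupdict())
        if "ip" in finding:
            # An empty "(IP: )" means the host name never resolved at all;
            # otherwise record which address family the attempt used.
            try:
                version = ipaddress.ip_address(finding["ip"]).version
                finding["family"] = "ipv%d" % version
            except ValueError:
                finding["family"] = "unresolved"
        return finding
    return None


def triage(log_text):
    """Classify every line and report the worst severity seen."""
    findings = [f for f in map(classify, log_text.splitlines()) if f]
    verdict = max((f["severity"] for f in findings),
                  key=SEVERITY_ORDER.get, default="ok")
    return {"verdict": verdict, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["verdict"])
    for item in report["findings"]:
        print(item["severity"], item["category"], item.get("family", ""))
```

A "critical" verdict is the case worth paging on, because scanning then continues with the previous signature set.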





Re: [clamav-users] update report

2018-07-05 Thread Micah Snyder
Sorry for the delayed response, all:

The issue facing those without IPv6 compatible hardware or networks came to 
light earlier in the CloudFlare mirror-transition.  A ticket that both alerted 
us to the issue and provided a fix was provided in a bug courtesy of Guilherme 
Benkenstein:
https://bugzilla.clamav.net/show_bug.cgi?id=12119

As stated in the final comment, I have added the patch to our development 
branch for v0.101 and the upcoming v0.100.1 patch release.

0.101:
https://github.com/Cisco-Talos/clamav-devel/commit/f4861c670167a7a109340c1f8579a55205acbd8a

0.100.1:
https://github.com/Cisco-Talos/clamav-devel/commit/9fd6d90afab40b5e3e3fe456d337eecce670fa50

The 0.100.1 patch release is in testing and will be published very soon.  My 
apologies to those who have been frustrated by IPv4-IPv6 related connection 
issues.  With any luck, this patch release will resolve things.

Regards,
Micah


On Jul 2, 2018, at 1:56 PM, Joel Esler <jesler at cisco.com> wrote:
> On Jul 2, 2018, at 1:56 PM, Gene Heskett  shentel.net> wrote:
> 
> but even on my setups which have this for years freshclam repeatedly
> produces ipv6 crap-messages which is simply wrong
> 
> If that's the case, and I'll find out by this time tomorrow, then I can't
> help but agree, it's a bug. Not a showstopper, but one to be swatted in
> the next upgrade for us folks out here in the ipv4 only puckerbrush.
> 
> 
> It's definitely on our radar.  Micah may want to comment further.
> 
> --
> Joel Esler
> Sr. Manager
> Open Source, Design, Web, and Education
> Talos Group
> http://www.talosintelligence.com
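
The behaviour asked for in this thread (report the IPv6 failure, then try IPv4, without remembering the failure beyond the current run), sketched as an added example; it is not freshclam's code and not the patch linked above. `connect_any`, `tcp_connect` and the simulated IPv4-only connector are hypothetical names, and 2001:db8::1 and 192.0.2.10 are constructed documentation addresses.

```python
import errno
import socket

FAMILY_NAME = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

# errno values this example treats as "no route for this address family",
# as in the "errno=101: Network is unreachable" lines quoted in the thread.
NO_ROUTE = {errno.ENETUNREACH, errno.EHOSTUNREACH,
            errno.EADDRNOTAVAIL, errno.EAFNOSUPPORT}


def resolve(host, port):
    """Return (family, sockaddr) candidates in the resolver's own order."""
    infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    return [(family, sockaddr) for family, _t, _p, _c, sockaddr in infos]


def tcp_connect(family, sockaddr, timeout=5.0):
    """Real connector: open a TCP connection or raise OSError."""
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except OSError:
        sock.close()
        raise
    return sock


def connect_any(candidates, connect=tcp_connect, log=print):
    """Try each candidate; on a routing failure skip the rest of that family.

    The skip set lives only for this call, so a temporary IPv6 outage is
    retried on the next update run instead of becoming permanent.
    """
    skipped = set()
    last_error = None
    for family, sockaddr in candidates:
        if family in skipped:
            continue
        name = FAMILY_NAME.get(family, str(family))
        try:
            return connect(family, sockaddr), (family, sockaddr)
        except OSError as exc:
            last_error = exc
            if exc.errno in NO_ROUTE:
                skipped.add(family)
                log("%s connection to %s failed (%s); skipping remaining %s "
                    "addresses for this run" % (name, sockaddr[0], exc.strerror, name))
            else:
                log("%s connection to %s failed (%s); trying next address"
                    % (name, sockaddr[0], exc))
    raise ConnectionError("no candidate address was reachable") from last_error


# Constructed candidate list: the IPv6 address from the quoted log first,
# then two documentation-range addresses.
SAMPLE_CANDIDATES = [
    (socket.AF_INET6, ("2400:cb00:2048:1::6810:ba8a", 80, 0, 0)),
    (socket.AF_INET6, ("2001:db8::1", 80, 0, 0)),
    (socket.AF_INET, ("192.0.2.10", 80)),
]


def simulate_ipv4_only(family, sockaddr):
    """Stand-in connector for a host without IPv6 connectivity."""
    if family == socket.AF_INET6:
        raise OSError(errno.ENETUNREACH, "Network is unreachable")
    return "connected"  # placeholder for a socket object


def demo():
    messages = []
    _conn, chosen = connect_any(SAMPLE_CANDIDATES, connect=simulate_ipv4_only,
                                log=messages.append)
    return chosen, messages


if __name__ == "__main__":
    chosen, messages = demo()
    print("\n".join(messages))
    print("connected via", chosen)
```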


Re: [clamav-users] update report

2018-07-03 Thread Reindl Harald


On 02.07.2018 at 19:38, Benny Pedersen wrote:
> Gene Heskett wrote on 2018-07-02 19:20:
>> On Monday 02 July 2018 13:12:12 Gene Heskett wrote:
>> However, a network restart did not get rid of the ipv6 stuff in the
>> ifconfig lo report. ?  /etc/network/interfaces is also clean of any
>> ipv6 stuffs. ?
>>
> 
> if all else fails
> 
> check /etc/gai.conf
> change that conf to prefer ipv4 first

yeah distro specific crap besides that it does not help in case of
freshclam at all to disable ipv6 entirely

[root@srv-rhsoft:~]$ cat /etc/gai.conf
cat: /etc/gai.conf: No such file or directory

[root@srv-rhsoft:~]$ cat sysctl.conf | grep ipv6 | grep disable
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1

[root@srv-rhsoft:~]$ ifconfig lo
lo: flags=73  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
loop  txqueuelen 1000  (Local Loopback)
RX packets 3019819  bytes 2513735808 (2.3 GiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 3019819  bytes 2513735808 (2.3 GiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Re: [clamav-users] update report

2018-07-03 Thread Reindl Harald



On 02.07.2018 at 19:20, Gene Heskett wrote:
>> And since that stuff did exist in my /etc/hosts file, I just stuck a #
>> in front of all those, just for S&G of course. Watching log too. But
>> its seems like an every other update run, and since I am not a
>> paying/supporting customer, I only run it 2x daily. So the next run
>> will be just about 0:50 local time.
> 
> However, a network restart did not get rid of the ipv6 stuff in the 
> ifconfig lo report. ?  /etc/network/interfaces is also clean of any 
> ipv6 stuffs. ?

sysctl.conf:
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1

sysctl -p

ifconfig no longer shows any ipv6 stuff
it's that easy

but even on my setups which have this for years freshclam repeatedly
produces ipv6 crap-messages which is simply wrong


Re: [clamav-users] update report

2018-07-02 Thread Joel Esler (jesler)


On Jul 2, 2018, at 1:56 PM, Gene Heskett <ghesk...@shentel.net> wrote:

but even on my setups which have this for years freshclam repeatedly
produces ipv6 crap-messages which is simply wrong

If that's the case, and I'll find out by this time tomorrow, then I can't
help but agree, it's a bug. Not a showstopper, but one to be swatted in
the next upgrade for us folks out here in the ipv4 only puckerbrush.


It's definitely on our radar.  Micah may want to comment further.

--
Joel Esler
Sr. Manager
Open Source, Design, Web, and Education
Talos Group
http://www.talosintelligence.com


Re: [clamav-users] update report

2018-07-02 Thread Gene Heskett
On Monday 02 July 2018 13:23:24 Reindl Harald wrote:

> On 02.07.2018 at 19:20, Gene Heskett wrote:
> >> And since that stuff did exist in my /etc/hosts file, I just stuck
> >> a # in front of all those, just for S&G of course. Watching log
> >> too. But its seems like an every other update run, and since I am
> >> not a paying/supporting customer, I only run it 2x daily. So the
> >> next run will be just about 0:50 local time.
> >
> > However, a network restart did not get rid of the ipv6 stuff in the
> > ifconfig lo report. ?  /etc/network/interfaces is also clean of
> > any ipv6 stuffs. ?
>
> sysctl.conf:
> net.ipv6.conf.all.disable_ipv6=1
> net.ipv6.conf.default.disable_ipv6=1
>
> sysctl -p
>
> ifconfig no longer shows any ipv6 stuff
> it's that easy

no, it's not, unless you know how. But lo no longer shows any ipv6 stuffs.

> but even on my setups which have this for years freshclam repeatedly
> produces ipv6 crap-messages which is simply wrong

If that's the case, and I'll find out by this time tomorrow, then I can't 
help but agree, it's a bug. Not a showstopper, but one to be swatted in 
the next upgrade for us folks out here in the ipv4 only puckerbrush.

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] update report

2018-07-02 Thread Benny Pedersen

Gene Heskett wrote on 2018-07-02 19:20:

On Monday 02 July 2018 13:12:12 Gene Heskett wrote:
However, a network restart did not get rid of the ipv6 stuff in the
ifconfig lo report. ?  /etc/network/interfaces is also clean of any
ipv6 stuffs. ?



if all else fails

check /etc/gai.conf

change that conf to prefer ipv4 first


Re: [clamav-users] update report

2018-07-02 Thread Gene Heskett
On Monday 02 July 2018 13:12:12 Gene Heskett wrote:

> On Sunday 01 July 2018 07:05:52 Reindl Harald wrote:
> > On 01.07.2018 at 08:17, Gary R. Schmidt wrote:
> > > On 01/07/2018 10:22, Gene Heskett wrote:
> > >> I'm still logging this about every other freshclam run:
> > >>
> > >> Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4
> > >> errno=101: Network is unreachable
> > >> Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
> > >> db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
> > >>
> > >> And I've rm'd mirrors.dat several times.
> > >
> > > Do you have an IPv6 network connection to the outside world?
> > >
> > > That's what "2400:cb00:2048:1::6810:ba8a" is trying to do.
> > >
> > > I noticed the same thing was happening with my freshclam, had a
> > > look at the configure options, reconfigured with "--disable-ipv6",
> > > rebuilt and reinstalled
> >
> > build from source is not an option for most users and trying ipv6 on
> > a obvious ipv4-only machine where even the loopback device don't
> > have a ipv6 address is a bug - it's that easy
>
> And since that stuff did exist in my /etc/hosts file, I just stuck a #
> in front of all those, just for S&G of course. Watching log too. But
> its seems like an every other update run, and since I am not a
> paying/supporting customer, I only run it 2x daily. So the next run
> will be just about 0:50 local time.

However, a network restart did not get rid of the ipv6 stuff in the 
ifconfig lo report. ?  /etc/network/interfaces is also clean of any 
ipv6 stuffs. ?


-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] update report

2018-07-02 Thread Gene Heskett
On Sunday 01 July 2018 07:05:52 Reindl Harald wrote:

> On 01.07.2018 at 08:17, Gary R. Schmidt wrote:
> > On 01/07/2018 10:22, Gene Heskett wrote:
> >> I'm still logging this about every other freshclam run:
> >>
> >> Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4
> >> errno=101: Network is unreachable
> >> Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
> >> db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
> >>
> >> And I've rm'd mirrors.dat several times.
> >
> > Do you have an IPv6 network connection to the outside world?
> >
> > That's what "2400:cb00:2048:1::6810:ba8a" is trying to do.
> >
> > I noticed the same thing was happening with my freshclam, had a look
> > at the configure options, reconfigured with "--disable-ipv6",
> > rebuilt and reinstalled
>
> build from source is not an option for most users and trying ipv6 on a
> obvious ipv4-only machine where even the loopback device don't have a
> ipv6 address is a bug - it's that easy

And since that stuff did exist in my /etc/hosts file, I just stuck a # in 
front of all those, just for S&G of course. Watching log too. But its 
seems like an every other update run, and since I am not a 
paying/supporting customer, I only run it 2x daily. So the next run will 
be just about 0:50 local time.

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] update report

2018-07-02 Thread Reindl Harald



On 01.07.2018 at 14:22, Gary R. Schmidt wrote:
> On 01/07/2018 21:05, Reindl Harald wrote:
>>
>> On 01.07.2018 at 08:17, Gary R. Schmidt wrote:
>>> On 01/07/2018 10:22, Gene Heskett wrote:
>>>> I'm still logging this about every other freshclam run:
>>>>
>>>> Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4
>>>> errno=101:
>>>> Network is unreachable
>>>> Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
>>>> db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
>>>>
>>>> And I've rm'd mirrors.dat several times.
>>>>
>>> Do you have an IPv6 network connection to the outside world?
>>>
>>> That's what "2400:cb00:2048:1::6810:ba8a" is trying to do.
>>>
>>> I noticed the same thing was happening with my freshclam, had a look at
>>> the configure options, reconfigured with "--disable-ipv6", rebuilt and
>>> reinstalled
>> build from source is not an option for most users and trying ipv6 on a
>> obvious ipv4-only machine where even the loopback device don't have a
>> ipv6 address is a bug - it's that easy
>>
> Do any machines *not* have IPv6 stacks installed these days?
> 
> They may not have IPv6 connectivity to the outside world, but all my
> Solaris, Linux, and Windows boxes have IPv6 stacks installed by default

do you see any ipv6 address here? the stack is disabled and even in that
cases freshclam comes with ipv6 error messages

[root@srv-rhsoft:~]$ ifconfig lo
lo: flags=73  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
loop  txqueuelen 1000  (Lokale Schleife)
RX packets 2498838  bytes 2390706748 (2.2 GiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 2498838  bytes 2390706748 (2.2 GiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@srv-rhsoft:~]$ cat sysctl.conf | grep ipv6
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.default.accept_redirects=0
net.ipv6.conf.default.accept_source_route=0




Re: [clamav-users] update report

2018-07-02 Thread Reindl Harald



On 01.07.2018 at 08:17, Gary R. Schmidt wrote:
> On 01/07/2018 10:22, Gene Heskett wrote:
>> I'm still logging this about every other freshclam run:
>>
>> Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101:
>> Network is unreachable
>> Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
>> db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
>>
>> And I've rm'd mirrors.dat several times.
>>
> Do you have an IPv6 network connection to the outside world?
> 
> That's what "2400:cb00:2048:1::6810:ba8a" is trying to do.
> 
> I noticed the same thing was happening with my freshclam, had a look at
> the configure options, reconfigured with "--disable-ipv6", rebuilt and
> reinstalled

build from source is not an option for most users and trying ipv6 on a
obvious ipv4-only machine where even the loopback device don't have a
ipv6 address is a bug - it's that easy


Re: [clamav-users] update report

2018-07-01 Thread Gene Heskett
On Sunday 01 July 2018 10:20:59 Gary R. Schmidt wrote:

> On 01/07/2018 23:00, Gene Heskett wrote:
> > On Sunday 01 July 2018 08:22:03 Gary R. Schmidt wrote:
>
> [SNIP]
>
> >> Now, testing for IPv6 connectivity might turn a temporary failure
> >> into a permanent one, which is not good,
> >
> > Needs an explanation. Udev is the only thing that will turn a temp
> > failure permanent, until you edit the rule at least.
>
> I meant testing inside freshclam and turning a temporary IPv6 failure
> into a permanent one.

Ahh, now I get it Gary, permanent until the next update perhaps might be 
a decent idea at that. T'would cut down on the log noise. ;-)
>
>   Cheers,
>   GaryB-)



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] update report

2018-07-01 Thread Joel Esler (jesler)
Gentlemen, we’ve descended into a “who is better” contest.   I suggest we stop. 
 

Sent from my iPhone

> On Jul 1, 2018, at 10:43, Gary R. Schmidt  wrote:
> 
>> On 02/07/2018 00:35, Reindl Harald wrote:
>> 
>>> On 01.07.2018 at 16:33, Gary R. Schmidt wrote:
>>> On 01/07/2018 22:37, Reindl Harald wrote:
>>> [SNIP]
>>> 
>>>> do you see any ipv6 address here? the stack is disabled and even in that
>>>> cases freshclam comes with ipv6 error messages
>>>> 
>>> Do you know the difference between running an IPv6 stack and doing a
>>> name lookup for an  record?
>> surely - but where is the point to do so on a ipv4-only setup?
>> 
>> hint: i am for sure the wrong person for such silly questions given what
>> i maintain and develop over the last 15 years
>> 
> Ah, you're new.
> 
> 
> 15 years isn't that long, there's stuff I wrote more than twice that long ago 
> still in use.
> 
> 
> And yes, doing a lookup for an  record is silly in an IPv4-only 
> environment, but if the code is compiled to be IPv6 capable then that is what 
> it probably should do.
> 
> 
> Cheers,
> 
> GaryB-)
> 
> 
> P.S. Irrelevant claims of infinite experience don't impress anyone.
> 


Re: [clamav-users] update report

2018-07-01 Thread Gary R. Schmidt

On 02/07/2018 00:35, Reindl Harald wrote:


On 01.07.2018 at 16:33, Gary R. Schmidt wrote:

On 01/07/2018 22:37, Reindl Harald wrote:
[SNIP]


do you see any ipv6 address here? the stack is disabled and even in that
cases freshclam comes with ipv6 error messages


Do you know the difference between running an IPv6 stack and doing a
name lookup for an  record?

surely - but where is the point to do so on a ipv4-only setup?

hint: i am for sure the wrong person for such silly questions given what
i maintain and develop over the last 15 years


Ah, you're new.


15 years isn't that long, there's stuff I wrote more than twice that 
long ago still in use.



And yes, doing a lookup for an  record is silly in an IPv4-only 
environment, but if the code is compiled to be IPv6 capable then that is 
what it probably should do.



    Cheers,

        Gary    B-)


P.S. Irrelevant claims of infinite experience don't impress anyone.



Re: [clamav-users] update report

2018-07-01 Thread Gary R. Schmidt

On 01/07/2018 22:37, Reindl Harald wrote:
[SNIP]

> do you see any ipv6 address here? the stack is disabled and even in that
> cases freshclam comes with ipv6 error messages
>
Do you know the difference between running an IPv6 stack and doing a 
name lookup for an  record?


    Cheers,
        Gary    B-)



Re: [clamav-users] update report

2018-07-01 Thread Gary R. Schmidt

On 01/07/2018 23:00, Gene Heskett wrote:

On Sunday 01 July 2018 08:22:03 Gary R. Schmidt wrote:

[SNIP]


Now, testing for IPv6 connectivity might turn a temporary failure into
a permanent one, which is not good,


Needs an explanation. Udev is the only thing that will turn a temp
failure permanent, until you edit the rule at least.

I meant testing inside freshclam and turning a temporary IPv6 failure 
into a permanent one.


Cheers,
GaryB-)


Re: [clamav-users] update report

2018-07-01 Thread Gene Heskett
On Sunday 01 July 2018 08:22:03 Gary R. Schmidt wrote:

> On 01/07/2018 21:05, Reindl Harald wrote:
> > On 01.07.2018 at 08:17, Gary R. Schmidt wrote:
> >> On 01/07/2018 10:22, Gene Heskett wrote:
> >>> I'm still logging this about every other freshclam run:
> >>>
> >>> Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4
> >>> errno=101: Network is unreachable
> >>> Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
> >>> db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
> >>>
> >>> And I've rm'd mirrors.dat several times.
> >>
> >> Do you have an IPv6 network connection to the outside world?
> >>
> >> That's what "2400:cb00:2048:1::6810:ba8a" is trying to do.
> >>
> >> I noticed the same thing was happening with my freshclam, had a
> >> look at the configure options, reconfigured with "--disable-ipv6",
> >> rebuilt and reinstalled
> >
> > build from source is not an option for most users and trying ipv6 on
> > a obvious ipv4-only machine where even the loopback device don't
> > have a ipv6 address is a bug - it's that easy
>
> Do any machines *not* have IPv6 stacks installed these days?
>
> They may not have IPv6 connectivity to the outside world, but all my
> Solaris, Linux, and Windows boxes have IPv6 stacks installed by
> default.
>
> So testing for an IPv6 loopback would still say "go for it."
>
> Now, testing for IPv6 connectivity might turn a temporary failure into
> a permanent one, which is not good,

Needs an explanation. Udev is the only thing that will turn a temp 
failure permanent, until you edit the rule at least.

> it would probably be better for 
> the IPv6 failure message to say "IPv6 connection failed, trying IPv4."
>
I couldn't agree more. Software error messages in general, suck, rarely 
telling the user what really happened.

I KNOW I have no ipv6 connectivity, and likely won't for the rest of my 
life since I've already used up 83 of my 3 score and 10.

That's the choice I made when I married an old maid school teacher 29 
years ago this winter. We will both die in the town she was born in. 
County seat, pop about 5500. Small towns are the heart of this country, 
we've got good neighbors. Shopping locally is limited, but stuff I need 
as an aging nerd is less than an hour away, or can be had off the net.

Living someplace where I had to lock up like Fort Knox just to go have a 
cuppa with the next door neighbor is something I'd fix by moving 
someplace where door locks are optional, there, but seldom used. Here 
they often stand open while we go to the store for milk, whatever, and 
coffee.  What's not to like?

>      Cheers,
>
>          Gary    B-)
>



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] update report

2018-07-01 Thread Klaus Ethgen

On Sun, 1 Jul 2018 at 13:22, Gary R. Schmidt wrote:
> Do any machines *not* have IPv6 stacks installed these days?

Yes. If you don't have and/or need IPv6 connectivity, it is probably the
safest measure to switch it off completely (by kernel option or
compiling the kernel without it).

So I believe, if someone knows IPv6 and is security affine, and does not
have IPv6 or does not want to invest the trouble (at the moment) to
implement the safety measures that are needed to do IPv6 the safe
way, he would switch it off.

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


Re: [clamav-users] update report

2018-07-01 Thread Gary R. Schmidt

On 01/07/2018 21:05, Reindl Harald wrote:
> On 01.07.2018 at 08:17, Gary R. Schmidt wrote:
>> On 01/07/2018 10:22, Gene Heskett wrote:
>>> I'm still logging this about every other freshclam run:
>>>
>>> Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101:
>>> Network is unreachable
>>> Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
>>> db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
>>>
>>> And I've rm'd mirrors.dat several times.
>>
>> Do you have an IPv6 network connection to the outside world?
>>
>> That's what "2400:cb00:2048:1::6810:ba8a" is trying to do.
>>
>> I noticed the same thing was happening with my freshclam, had a look at
>> the configure options, reconfigured with "--disable-ipv6", rebuilt and
>> reinstalled
>
> build from source is not an option for most users and trying ipv6 on a
> obvious ipv4-only machine where even the loopback device don't have a
> ipv6 address is a bug - it's that easy


Do any machines *not* have IPv6 stacks installed these days?

They may not have IPv6 connectivity to the outside world, but all my 
Solaris, Linux, and Windows boxes have IPv6 stacks installed by default.


So testing for an IPv6 loopback would still say "go for it."

Now, testing for IPv6 connectivity might turn a temporary failure into a 
permanent one, which is not good, it would probably be better for the 
IPv6 failure message to say "IPv6 connection failed, trying IPv4."



    Cheers,

        Gary    B-)



Re: [clamav-users] update report

2018-07-01 Thread Gene Heskett
On Sunday 01 July 2018 02:17:41 Gary R. Schmidt wrote:

> On 01/07/2018 10:22, Gene Heskett wrote:
> > I'm still logging this about every other freshclam run:
> >
> > Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4
> > errno=101: Network is unreachable
> > Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
> > db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
> >
> > And I've rm'd mirrors.dat several times.
>
> Do you have an IPv6 network connection to the outside world?
>
No. And it's generally disabled sitewide.  The nearest ipv6 is probably in 
Pittsburgh PA or Charleston WV, both 100+ miles away. This is WV where 
such as ipv6 will take another 20 years to penetrate the last mile.

> That's what "2400:cb00:2048:1::6810:ba8a" is trying to do.
>
> I noticed the same thing was happening with my freshclam, had a look
> at the configure options, reconfigured with "--disable-ipv6", rebuilt
> and reinstalled.
>
That really ought to have been a freshclam.conf controlled option, but 
not according to the man pages.

> No more noise.
>
IOW, it's falling back to ipv4 and continuing on its merry way.

>   Cheers,
>   GaryB-)

Thanks for the clarification, Gary.



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] update report

2018-06-30 Thread Gary R. Schmidt

On 01/07/2018 10:22, Gene Heskett wrote:
> I'm still logging this about every other freshclam run:
>
> Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101:
> Network is unreachable
> Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
> db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
>
> And I've rm'd mirrors.dat several times.


Do you have an IPv6 network connection to the outside world?

That's what "2400:cb00:2048:1::6810:ba8a" is trying to do.

I noticed the same thing was happening with my freshclam, had a look at 
the configure options, reconfigured with "--disable-ipv6", rebuilt and 
reinstalled.


No more noise.

Cheers,
GaryB-)
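
Added example, not part of any message in this thread and not ClamAV code: a Python triage of timestamped freshclam log entries in the format quoted above, separating IPv6 "Network is unreachable" noise on an IPv4-only host from connection failures that deserve a closer look. The IPv4 entry, the 192.0.2.10 documentation address, the empty-IP entry and the verdict names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# A log entry starts with a stamp such as "Sat Jun 30 18:49:53 2018 -> ".
STAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} -> ")
ERRNO = re.compile(r"connect\(\): fd=\d+ errno=(\d+)")
FAILED = re.compile(r"Can't connect to port (\d+) of host (\S+) \(IP: ([^)]*)\)")
ENETUNREACH_LINUX = 101  # the errno shown in the quoted log ("Network is unreachable")

# The two entries exactly as they appear in the list message, mail-wrapped.
THREAD_LOG = """\
Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101:
Network is unreachable
Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
"""

# Constructed contrast case: the same IPv6 failure followed by an IPv4 failure
# and by an entry with an empty address field.
MIXED_LOG = """\
Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101: Network is unreachable
Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
Sat Jun 30 18:49:54 2018 -> nonblock_connect: connect(): fd=4 errno=111: Connection refused
Sat Jun 30 18:49:54 2018 -> Can't connect to port 80 of host db.us.clamav.net (IP: 192.0.2.10)
Sat Jun 30 18:49:59 2018 -> Can't connect to port 80 of host db.us.clamav.net (IP: )
"""


def unwrap(text):
    """Re-join entries that a mail client wrapped across lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries


def family(ip_text):
    """Return 'ipv4', 'ipv6', or 'unknown' when the field is empty or malformed."""
    try:
        return "ipv%d" % ipaddress.ip_address(ip_text.strip()).version
    except ValueError:
        return "unknown"


def triage(text):
    """Pair each connect() errno with the 'Can't connect' entry that follows it."""
    failures = []
    pending_errno = None
    for entry in unwrap(text):
        m = ERRNO.search(entry)
        if m:
            pending_errno = int(m.group(1))
            continue
        m = FAILED.search(entry)
        if m:
            failures.append({
                "port": int(m.group(1)),
                "host": m.group(2),
                "ip": m.group(3).strip(),
                "family": family(m.group(3)),
                "errno": pending_errno,
            })
            pending_errno = None
    if not failures:
        verdict = "ok"
    elif all(f["family"] == "ipv6" and f["errno"] == ENETUNREACH_LINUX
             for f in failures):
        # Every failure is an unreachable IPv6 address: the pattern the thread
        # attributes to an IPv4-only host being handed an IPv6 mirror address.
        verdict = "ipv6-unreachable-only"
    else:
        # IPv4 failures or unparseable addresses are not explained by that.
        verdict = "investigate"
    by_family = dict(Counter(f["family"] for f in failures))
    return {"verdict": verdict, "by_family": by_family, "failures": failures}


if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("mixed", MIXED_LOG)):
        result = triage(log)
        print(name, result["verdict"], result["by_family"])
```

A verdict of "ipv6-unreachable-only" only describes the failed attempts; whether the databases were actually refreshed still has to be confirmed from the rest of the freshclam log.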


Re: [clamav-users] update report

2018-06-30 Thread Gene Heskett
On Saturday 30 June 2018 20:30:57 Joel Esler (jesler) wrote:

> Interesting.   Can you give us a -debug?
>
Is this something I can put in the crontab, Joel?  How?

> Sent from my iPhone
>
> > On Jun 30, 2018, at 20:22, Gene Heskett 
> > wrote:
> >
> > I'm still logging this about every other freshclam run:
> >
> > Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4
> > errno=101: Network is unreachable
> > Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host
> > db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
> >
> > And I've rm'd mirrors.dat several times.
> > --
> > Cheers, Gene Heskett
> > --
> > "There are four boxes to be used in defense of liberty:
> > soap, ballot, jury, and ammo. Please use in that order."
> > -Ed Howdershelt (Author)
> > Genes Web page 



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] update report

2018-06-30 Thread Joel Esler (jesler)
Interesting.   Can you give us a -debug?

Sent from my iPhone

> On Jun 30, 2018, at 20:22, Gene Heskett  wrote:
> 
> I'm still logging this about every other freshclam run:
> 
> Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101: 
> Network is unreachable
> Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host 
> db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
> 
> And I've rm'd mirrors.dat several times.
> -- 
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page 


[clamav-users] update report

2018-06-30 Thread Gene Heskett
I'm still logging this about every other freshclam run:

Sat Jun 30 18:49:53 2018 -> nonblock_connect: connect(): fd=4 errno=101: 
Network is unreachable
Sat Jun 30 18:49:53 2018 -> Can't connect to port 80 of host 
db.us.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)

And I've rm'd mirrors.dat several times.
-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Joel Esler (jesler)
If you have list of mirrors that are broken, it would be helpful to have that 
list, and what is broken about them.

About a month ago, we went through and removed a "ton"* of broken ones.

*ton means "a lot".


--
Joel Esler | Talos: Manager | jes...@cisco.com






On Nov 6, 2017, at 11:12 AM, Dennis Peterson <denni...@inetnw.com> wrote:

> There are still a lot of broken mirrors out there aside from this problem.
>
> dp
>
> On 11/6/17 8:05 AM, Joel Esler (jesler) wrote:
>> This should be resolving itself as we speak.
>>
>> --
>> Joel Esler | Talos: Manager | jes...@cisco.com







Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Dennis Peterson

There are still a lot of broken mirrors out there aside from this problem.

dp

On 11/6/17 8:05 AM, Joel Esler (jesler) wrote:
> This should be resolving itself as we speak.
>
> --
> Joel Esler | Talos: Manager | jes...@cisco.com










Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Joel Esler (jesler)
This should be resolving itself as we speak.

--
Joel Esler | Talos: Manager | jes...@cisco.com






On Nov 6, 2017, at 4:47 AM, Simon Mousey Smith <simonsmith5...@gmail.com> wrote:

Hi,

Same here still having problems but slightly different

ClamAV update process started at Mon Nov  6 09:46:22 2017
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
junk.ndb is up to date (version: custom database)
jurlbl.ndb is up to date (version: custom database)
phish.ndb is up to date (version: custom database)
rogue.hdb is up to date (version: custom database)
sanesecurity.ftm is up to date (version: custom database)
scam.ndb is up to date (version: custom database)
spamimg.hdb is up to date (version: custom database)
winnow_malware.hdb is up to date (version: custom database)
winnow_malware_links.ndb is up to date (version: custom database)
sigwhitelist.ign2 is up to date (version: custom database)
spamattach.hdb is up to date (version: custom database)
spear.ndb is up to date (version: custom database)
spearl.ndb is up to date (version: custom database)
blurl.ndb is up to date (version: custom database)
winnow.attachments.hdb is up to date (version: custom database)
winnow_bad_cw.hdb is up to date (version: custom database)
winnow_extended_malware.hdb is up to date (version: custom database)
bofhland_cracked_URL.ndb is up to date (version: custom database)
bofhland_malware_URL.ndb is up to date (version: custom database)
bofhland_phishing_URL.ndb is up to date (version: custom database)
bofhland_malware_attach.hdb is up to date (version: custom database)
crdfam.clamav.hdb is up to date (version: custom database)
malwarehash.hsb is up to date (version: custom database)
porcupine.ndb is up to date (version: custom database)
phishtank.ndb is up to date (version: custom database)
porcupine.hsb is up to date (version: custom database)
hackingteam.hsb is up to date (version: custom database)
badmacro.ndb is up to date (version: custom database)
Sanesecurity_sigtest.yara is up to date (version: custom database)
Sanesecurity_spam.yara is up to date (version: custom database)
Reading CVD header (main.cvd): WARNING: Can't read main.cvd header from 
database.clamav.net (IP: )
Trying again in 5 secs…

Regards

Simon

On 6 Nov 2017, at 06:16, Tsutomu Oyamada <oyam...@promark-inc.com> wrote:

Hi,

It looks like that Updating of CVD in database.clamav.net is not working
(stopping).
Do you have any trouble problem happened?

We are in Japan, and it set CNAME for database.clamav.net as
db.jp.clamav.net.
db.jp.clamav.net has 4 IP addresses and those are working in roundrobin.
Every sites are working, but CVD version stops at 24010 as follows.

db.jp.clamav.net.   39  IN  A   218.44.253.75
db.jp.clamav.net.   39  IN  A   203.178.137.175
db.jp.clamav.net.   39  IN  A   27.96.54.66
db.jp.clamav.net.   39  IN  A   124.35.85.83


Re: [clamav-users] update mirror trouble?

2017-11-06 Thread Simon Mousey Smith
Hi,

Same here still having problems but slightly different

ClamAV update process started at Mon Nov  6 09:46:22 2017
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
junk.ndb is up to date (version: custom database)
jurlbl.ndb is up to date (version: custom database)
phish.ndb is up to date (version: custom database)
rogue.hdb is up to date (version: custom database)
sanesecurity.ftm is up to date (version: custom database)
scam.ndb is up to date (version: custom database)
spamimg.hdb is up to date (version: custom database)
winnow_malware.hdb is up to date (version: custom database)
winnow_malware_links.ndb is up to date (version: custom database)
sigwhitelist.ign2 is up to date (version: custom database)
spamattach.hdb is up to date (version: custom database)
spear.ndb is up to date (version: custom database)
spearl.ndb is up to date (version: custom database)
blurl.ndb is up to date (version: custom database)
winnow.attachments.hdb is up to date (version: custom database)
winnow_bad_cw.hdb is up to date (version: custom database)
winnow_extended_malware.hdb is up to date (version: custom database)
bofhland_cracked_URL.ndb is up to date (version: custom database)
bofhland_malware_URL.ndb is up to date (version: custom database)
bofhland_phishing_URL.ndb is up to date (version: custom database)
bofhland_malware_attach.hdb is up to date (version: custom database)
crdfam.clamav.hdb is up to date (version: custom database)
malwarehash.hsb is up to date (version: custom database)
porcupine.ndb is up to date (version: custom database)
phishtank.ndb is up to date (version: custom database)
porcupine.hsb is up to date (version: custom database)
hackingteam.hsb is up to date (version: custom database)
badmacro.ndb is up to date (version: custom database)
Sanesecurity_sigtest.yara is up to date (version: custom database)
Sanesecurity_spam.yara is up to date (version: custom database)
Reading CVD header (main.cvd): WARNING: Can't read main.cvd header from 
database.clamav.net (IP: )
Trying again in 5 secs…

Regards

Simon

> On 6 Nov 2017, at 06:16, Tsutomu Oyamada  wrote:
> 
> Hi,
> 
> It looks like that Updating of CVD in database.clamav.net is not working
> (stopping).
> Do you have any trouble problem happened?
> 
> We are in Japan, and it set CNAME for database.clamav.net as
> db.jp.clamav.net.
> db.jp.clamav.net has 4 IP addresses and those are working in roundrobin.
> Every sites are working, but CVD version stops at 24010 as follows.
> 
> db.jp.clamav.net.   39  IN  A   218.44.253.75
> db.jp.clamav.net.   39  IN  A   203.178.137.175
> db.jp.clamav.net.   39  IN  A   27.96.54.66
> db.jp.clamav.net.   39  IN  A   124.35.85.83
> 
> 

[clamav-users] update mirror trouble?

2017-11-05 Thread Tsutomu Oyamada
Hi,

It looks like that Updating of CVD in database.clamav.net is not working
(stopping).
Do you have any trouble problem happened?

We are in Japan, and it set CNAME for database.clamav.net as
db.jp.clamav.net.
db.jp.clamav.net has 4 IP addresses and those are working in roundrobin.
Every sites are working, but CVD version stops at 24010 as follows.

db.jp.clamav.net.   39  IN  A   218.44.253.75
db.jp.clamav.net.   39  IN  A   203.178.137.175
db.jp.clamav.net.   39  IN  A   27.96.54.66
db.jp.clamav.net.   39  IN  A   124.35.85.83




Re: [clamav-users] update

2016-04-07 Thread Dennis Peterson

There are some trouble shooting tips at that link that may be helpful.

dp

On 4/7/16 11:44 AM, Al Varnell wrote:

It’s possible you will run into another such user here, but Cisco/ClamAV isn’t 
responsible for ClamTk, so you’ll probably get an answer faster by contacting 
Dave M at the link I gave you earlier.

-Al-

On Thu, Apr 07, 2016 at 11:35 AM, Rick wrote:

Linux mint mate 17.3

On 04/07/2016 02:29 PM, Al Varnell wrote:

Are you running a Linux system of some sort with ClamTK?  That’s the only thing 
I can find with a 4.45 version.



-Al-

On Thu, Apr 07, 2016 at 11:21 AM, Rick wrote:

ClamAV

On 04/07/2016 02:12 PM, Al Varnell wrote:

No, I mean is it ClamWin or ClamXav or something else?  You will need to ask 
the GUI developer about their product.

-Al-

On Thu, Apr 07, 2016 at 11:01 AM, Rick wrote:

version 4.45

On 04/07/2016 01:53 PM, Al Varnell wrote:

What GUI version is that?

-Al-

On Thu, Apr 07, 2016 at 10:25 AM, Rick wrote:

The GUI version will not update. It says there is an update.

What do I do ?

Also the clamav is one version below what is current. What do I need to do to 
update it ?


Rick Nilson




Re: [clamav-users] update

2016-04-07 Thread Al Varnell
It’s possible you will run into another such user here, but Cisco/ClamAV isn’t 
responsible for ClamTk, so you’ll probably get an answer faster by contacting 
Dave M at the link I gave you earlier.

-Al-

On Thu, Apr 07, 2016 at 11:35 AM, Rick wrote:
> 
> Linux mint mate 17.3
> 
> On 04/07/2016 02:29 PM, Al Varnell wrote:
>> Are you running a Linux system of some sort with ClamTK?  That’s the only 
>> thing I can find with a 4.45 version.
>> 
>> 
>> 
>> -Al-
>> 
>> On Thu, Apr 07, 2016 at 11:21 AM, Rick wrote:
>>> ClamAV
>>> 
>>> On 04/07/2016 02:12 PM, Al Varnell wrote:
>>>> No, I mean is it ClamWin or ClamXav or something else?  You will need to 
>>>> ask the GUI developer about their product.
>>>> 
>>>> -Al-
>>>> 
>>>> On Thu, Apr 07, 2016 at 11:01 AM, Rick wrote:
>>>>> version 4.45
>>>>> 
>>>>> On 04/07/2016 01:53 PM, Al Varnell wrote:
>>>>>> What GUI version is that?
>>>>>> 
>>>>>> -Al-
>>>>>> 
>>>>>> On Thu, Apr 07, 2016 at 10:25 AM, Rick wrote:
>>>>>>> The GUI version will not update. It says there is an update.
>>>>>>> 
>>>>>>> What do I do ?
>>>>>>> 
>>>>>>> Also the clamav is one version below what is current. What do I need to 
>>>>>>> do to update it ?
>>>>>>> 
>>>>>>> 
>>>>>>> Rick Nilson



Re: [clamav-users] update

2016-04-07 Thread Rick

Linux mint mate 17.3

On 04/07/2016 02:29 PM, Al Varnell wrote:

Are you running a Linux system of some sort with ClamTK?  That’s the only thing 
I can find with a 4.45 version.



-Al-

On Thu, Apr 07, 2016 at 11:21 AM, Rick wrote:

ClamAV

On 04/07/2016 02:12 PM, Al Varnell wrote:

No, I mean is it ClamWin or ClamXav or something else?  You will need to ask 
the GUI developer about their product.

-Al-

On Thu, Apr 07, 2016 at 11:01 AM, Rick wrote:

version 4.45

On 04/07/2016 01:53 PM, Al Varnell wrote:

What GUI version is that?

-Al-

On Thu, Apr 07, 2016 at 10:25 AM, Rick wrote:

The GUI version will not update. It says there is an update.

What do I do ?

Also the clamav is one version below what is current. What do I need to do to 
update it ?


Rick Nilson




Re: [clamav-users] update

2016-04-07 Thread Rick
clamtk http://askubuntu.com/questions/250290/how-do-i-scan-for-viruses-with-clamav




On 04/07/2016 02:27 PM, Dennis Peterson wrote:

ClamAV doesn't have a gui.

dp

On 4/7/16 11:21 AM, Rick wrote:

ClamAV

On 04/07/2016 02:12 PM, Al Varnell wrote:
No, I mean is it ClamWin or ClamXav or something else?  You will 
need to ask the GUI developer about their product.


-Al-

On Thu, Apr 07, 2016 at 11:01 AM, Rick wrote:

version 4.45

On 04/07/2016 01:53 PM, Al Varnell wrote:

What GUI version is that?

-Al-

On Thu, Apr 07, 2016 at 10:25 AM, Rick wrote:

The GUI version will not update. It says there is an update.

What do I do ?

Also the clamav is one version below what is current. What do I 
need to do to update it ?



Rick Nilson



Re: [clamav-users] update

2016-04-07 Thread Al Varnell
Are you running a Linux system of some sort with ClamTK?  That’s the only thing 
I can find with a 4.45 version.



-Al-

On Thu, Apr 07, 2016 at 11:21 AM, Rick wrote:
> 
> ClamAV
> 
> On 04/07/2016 02:12 PM, Al Varnell wrote:
>> No, I mean is it ClamWin or ClamXav or something else?  You will need to ask 
>> the GUI developer about their product.
>> 
>> -Al-
>> 
>> On Thu, Apr 07, 2016 at 11:01 AM, Rick wrote:
>>> version 4.45
>>> 
>>> On 04/07/2016 01:53 PM, Al Varnell wrote:
>>>> What GUI version is that?
>>>> 
>>>> -Al-
>>>> 
>>>> On Thu, Apr 07, 2016 at 10:25 AM, Rick wrote:
>>>>> The GUI version will not update. It says there is an update.
>>>>> 
>>>>> What do I do ?
>>>>> 
>>>>> Also the clamav is one version below what is current. What do I need to 
>>>>> do to update it ?
>>>>> 
>>>>> 
>>>>> Rick Nilson

-Al-
-- 
Al Varnell
Mountain View, CA







Re: [clamav-users] update

2016-04-07 Thread Dennis Peterson

ClamAV doesn't have a gui.

dp

On 4/7/16 11:21 AM, Rick wrote:

ClamAV

On 04/07/2016 02:12 PM, Al Varnell wrote:
No, I mean is it ClamWin or ClamXav or something else?  You will need to ask 
the GUI developer about their product.


-Al-

On Thu, Apr 07, 2016 at 11:01 AM, Rick wrote:

version 4.45

On 04/07/2016 01:53 PM, Al Varnell wrote:

What GUI version is that?

-Al-

On Thu, Apr 07, 2016 at 10:25 AM, Rick wrote:

The GUI version will not update. It says there is an update.

What do I do ?

Also the clamav is one version below what is current. What do I need to do 
to update it ?



Rick Nilson




Re: [clamav-users] update

2016-04-07 Thread Al Varnell
No, I mean is it ClamWin or ClamXav or something else?  You will need to ask 
the GUI developer about their product.

-Al-

On Thu, Apr 07, 2016 at 11:01 AM, Rick wrote:
> 
> version 4.45
> 
> On 04/07/2016 01:53 PM, Al Varnell wrote:
>> What GUI version is that?
>> 
>> -Al-
>> 
>> On Thu, Apr 07, 2016 at 10:25 AM, Rick wrote:
>>> The GUI version will not update. It says there is an update.
>>> 
>>> What do I do ?
>>> 
>>> Also the clamav is one version below what is current. What do I need to do 
>>> to update it ?
>>> 
>>> 
>>> Rick Nilson
>>> 
>>> 

-Al-
-- 
Al Varnell
Mountain View, CA







Re: [clamav-users] update

2016-04-07 Thread Al Varnell
What GUI version is that?

-Al-

On Thu, Apr 07, 2016 at 10:25 AM, Rick wrote:
> 
> The GUI version will not update. It says there is an update.
> 
> What do I do ?
> 
> Also the clamav is one version below what is current. What do I need to do to 
> update it ?
> 
> 
> Rick Nilson



Re: [clamav-users] Update Clamav with Debian Lenny

2012-08-04 Thread Jim Preston

On 08/04/2012 03:21 AM, G.W. Haywood wrote:

Hi there,

On Sat, 4 Aug 2012, n22e113 wrote:


To solve the problem (as root) ...


Were you also going to explain why you're installing a security
product on a distribution for which security updates have been
discontinued since February 6th 2012?

http://www.debian.org/releases/lenny/

--

73,
Ged.

Probably because the person has too complicated a system, like I have 
(Fedora Core 7), and the update from 6 to 7 was so difficult and time 
consuming that I chose to just forgo upgrading again and went to 
compiling updates to vulnerable programs from source.


And please do not start a rant, this is meant to be somewhat humorous if 
also somewhat sad and definitely not SOP or recommended. I have since 
built a new box but am still (after several months) trying to get 
application and data set moved over and working.


Jim

--
Jim Preston



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [clamav-users] Update Clamav with Debian Lenny

2012-08-04 Thread G.W. Haywood

Hi there,

On Sat, 4 Aug 2012, n22e113 wrote:


To solve the problem (as root) ...


Were you also going to explain why you're installing a security
product on a distribution for which security updates have been
discontinued since February 6th 2012?

http://www.debian.org/releases/lenny/

--

73,
Ged.


[clamav-users] Update Clamav with Debian Lenny

2012-08-03 Thread n22e113

Hi, list,
To solve the problem (as root) :) My bad! I know!

1. Make sure you have zlib-devel, gcc and make (I use gcc-4.3):
# aptitude -y install zlib1g-dev gcc-4.3 make

2. Download the latest (July 2012) stable source:
# cd /usr/src && wget http://sourceforge.net/projects/clamav/files/clamav/0.97.5/clamav-0.97.5.tar.gz

3. Decompress:
# cd /usr/src && tar xvzf clamav-0.97.5.tar.gz

4. Compile with make:
# cd /usr/src/clamav-0.97.5 && ./configure --sysconfdir=/etc/clamav --exec_prefix=/usr && make && make install

5. Once complete:
# /etc/init.d/clamav-daemon restart

That’s it! Cheers!



Re: [clamav-users] update clamav

2012-07-09 Thread Kris Deugau
Bruno Barosa wrote:
> Hi,
> 
> The issue is not being able to update the clamav "core".
> Nigel posted about database updates, if I understood it right.
> 
> I'm quoting my original post:
> 
> "
> Hi, can anyone help?
> Running on Centos 5.x (various versions from 5.4 to 5.8) 64bit.
> Epel installed, RPMForge uninstalled, and prefer to keep it this way.

And as previously responded, you have 3 choices to keep the Clam
software up to date if you don't want to use RPMForge:

-> Wait for EPEL to update their Clamav package(s)

-> Take an existing source package and rebuild for the current Clamav
release

-> Uninstall the packages and install straight from source

(There may be other groups building addon packages for RHEL and its
community rebuilds;  I haven't bothered looking since RPMForge works for
me.)

If you absolutely have to get the current version, and you can't build
from source (either straight source install or package rebuild), and you
don't want to use the RPMForge package, you'll have to bug the EPEL
folks for an updated package.

I used to build my own packages for quite a few things before I came
across Dag Wieers' efforts a number of years ago (which have since been
brought under the RPMForge umbrella), and aside from some personal
preference issues with how they've declared dependencies on some of the
more complex Perl(-using) packages (MIMEDefang and SpamAssassin) I
haven't had any issues with their packages.

-kgd


Re: [clamav-users] update clamav

2012-07-09 Thread Benny Pedersen

On 2012-07-09 15:05, Bruno Barosa wrote:


The issue is not being able to update the clamav "core".
Nigel posted about database updates, if I understood it right.


if 0.97.4 and 0.97.5 is stable why not tell package maintainers on 
centos about it ?


0.97.3 is still latest stable on gentoo/funtoo




Re: [clamav-users] update clamav

2012-07-09 Thread Bruno Barosa

Hi,

The issue is not being able to update the clamav "core".
Nigel posted about database updates, if I understood it right.

I'm quoting my original post:

"
Hi, can anyone help?
Running on Centos 5.x (various versions from 5.4 to 5.8) 64bit.
Epel installed, RPMForge uninstalled, and prefer to keep it this way.

Logwatch:

Last ClamAV update process started at Thu Jun 21 04:02:02 2012

 Last Status:
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.3 Recommended version: 0.97.5
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: 
sven)
daily.cld is up to date (version: 15065, sigs: 219026, f-level: 63, 
builder: guitar)
bytecode.cld is up to date (version: 185, sigs: 39, f-level: 63, builder: 
neo)

 The following ERRORS and/or WARNINGS were detected when
 running the ClamAV update process.  If these ERRORS and/or
 WARNINGS do not show up in the "Last Status" section above,
 then their underlying cause has probably been corrected.

 WARNINGS:
Local version: 0.97.3 Recommended version: 0.97.5: 2 Time(s)
Your ClamAV installation is OUTDATED!: 2 Time(s)


-
Trying to update:

[root@myserver ~]# yum update clamav
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base:ftp.dei.uc.pt
 * epel:ftp.rediris.es
 * extras:ftp.dei.uc.pt
 * updates:ftp.dei.uc.pt
base
  | 1.1 kB 00:00
epel
  | 3.4 kB 00:00
extras  
  | 2.1 kB 00:00
updates 
  | 1.9 kB 00:00
Setting up Update Process
No Packages marked for Update
[root@reticulum ~]# yum update clam*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base:ftp.dei.uc.pt
 * epel:ftp.rediris.es
 * extras:ftp.dei.uc.pt
 * updates:ftp.dei.uc.pt
Setting up Update Process
No Packages marked for Update


Thanks

Bruno
"

Regards,
Bruno
**

On 09-07-2012 13:58, Matt Olney wrote:

Bruno,

Nigel Houghton replied on Jun 27th:

"Here's the relevant information from the wiki:

Solution 1: Use an HTTP proxy

This solution is really easy to implement and is bandwidth efficient.

Install a proxy server (i.e. squid) and then tell your freshclam
clients to use it. This can be done by setting the HTTPProxyServer
parameter in freshclam.conf (see man 5 freshclam.conf for the
details).

Solution 2: Serve .cvd files from a local web server

This solution is really simple to implement but it's only effective if
your clients are all on the same local network and bandwidth is not an
issue for you.

Configure a local webserver on one of your machines (say
machine1.mylan) and let freshclam download the *.cvd files from
http://database.clamav.net to the webserver’s DocumentRoot.

Add this line to freshclam.conf on machine1.mylan:

   ScriptedUpdates off

First the database will be downloaded to the local webserver and then
the other clients on the network will update their copy of the
database from it. For this to work you have to change freshclam.conf
on your clients so that it reads:

   DatabaseMirror machine1.mylan

   ScriptedUpdates off"

Matt

On Mon, Jul 9, 2012 at 7:43 AM, Joel Esler  wrote:

What issue?

--
Joel Esler

On Jul 9, 2012, at 5:08 AM, Bruno Barosa  
wrote:


Hello again,

Good morning and a good week for all

anyone has got news on this issue?

Regards
Bruno

On 27-06-2012 19:29, Nigel Houghton wrote:

On Jun 27, 2012, at 8:12 AM, Matthew Olney wrote:


Apparently, the answer to this is on the wiki, but it is having issues.


Begin forwarded message:


From: Ilyas Doskhozhayev
Date: June 27, 2012, 5:45:28 AM EDT
To: jes...@sourcefire.com
Subject: update clamav

Hi thank all you team for this antivirus tool/

My question is on debian i have servers that can not update virus database  
directly from internet, so they update from local repository on network
So can i make clamav update from my local repository on server that has 
internet ?


I use this source list to update from repository on server

deb http://10.0.1.11/localrepository /

Thank in advanse

Here's the relevant information from the wiki:

Solution 1: Use an HTTP proxy

This solution is really easy to implement and is bandwidth efficient.

Install a proxy server (i.e. squid) and then tell your freshclam clients to use 
it. This can be done by setting the HTTPProxyServer parameter in freshclam.conf 
(see man 5 freshclam.conf for the details).

Solution 2: Serve .cvd files from a local web server

This solution is really simple to implement but it's only effective if your 
clients are all on the same local network an

Re: [clamav-users] update clamav

2012-07-09 Thread Matt Olney
Bruno,

Nigel Houghton replied on Jun 27th:

"Here's the relevant information from the wiki:

Solution 1: Use an HTTP proxy

This solution is really easy to implement and is bandwidth efficient.

Install a proxy server (i.e. squid) and then tell your freshclam
clients to use it. This can be done by setting the HTTPProxyServer
parameter in freshclam.conf (see man 5 freshclam.conf for the
details).

Solution 2: Serve .cvd files from a local web server

This solution is really simple to implement but it's only effective if
your clients are all on the same local network and bandwidth is not an
issue for you.

Configure a local webserver on one of your machines (say
machine1.mylan) and let freshclam download the *.cvd files from
http://database.clamav.net to the webserver’s DocumentRoot.

Add this line to freshclam.conf on machine1.mylan:

  ScriptedUpdates off

First the database will be downloaded to the local webserver and then
the other clients on the network will update their copy of the
database from it. For this to work you have to change freshclam.conf
on your clients so that it reads:

  DatabaseMirror machine1.mylan

  ScriptedUpdates off"

Matt

On Mon, Jul 9, 2012 at 7:43 AM, Joel Esler  wrote:
> What issue?
>
> --
> Joel Esler
>
> On Jul 9, 2012, at 5:08 AM, Bruno Barosa  
> wrote:
>
>> Hello again,
>>
>> Good morning and a good week for all
>>
>> anyone has got news on this issue?
>>
>> Regards
>> Bruno
>>
>> On 27-06-2012 19:29, Nigel Houghton wrote:
>>> On Jun 27, 2012, at 8:12 AM, Matthew Olney wrote:
>>>
 Apparently, the answer to this is on the wiki, but it is having issues.

> Begin forwarded message:
>
>> From: Ilyas Doskhozhayev
>> Date: June 27, 2012, 5:45:28 AM EDT
>> To: jes...@sourcefire.com
>> Subject: update clamav
>>
>> Hi thank all you team for this antivirus tool/
>>
>> My question is on debian i have servers that can not update virus 
>> database  directly from internet, so they update from local repository 
>> on network
>> So can i make clamav update from my local repository on server that has 
>> internet ?
>>
>>
>> I use this source list to update from repository on server
>>
>> deb http://10.0.1.11/localrepository /
>>
>> Thank in advanse
>>> Here's the relevant information from the wiki:
>>>
>>> Solution 1: Use an HTTP proxy
>>>
>>> This solution is really easy to implement and is bandwidth efficient.
>>>
>>> Install a proxy server (i.e. squid) and then tell your freshclam clients to 
>>> use it. This can be done by setting the HTTPProxyServer parameter in 
>>> freshclam.conf (see man 5 freshclam.conf for the details).
>>>
>>> Solution 2: Serve .cvd files from a local web server
>>>
>>> This solution is really simple to implement but it's only effective if your 
>>> clients are all on the same local network and bandwidth is not an issue for 
>>> you.
>>>
>>> Configure a local webserver on one of your machines (say machine1.mylan) 
>>> and let freshclam download the *.cvd files from http://database.clamav.net 
>>> to the webserver's DocumentRoot.
>>>
>>> Add this line to freshclam.conf on machine1.mylan:
>>>
>>>   ScriptedUpdates off
>>>
>>> First the database will be downloaded to the local webserver and then the 
>>> other clients on the network will update their copy of the database from 
>>> it. For this to work you have to change freshclam.conf on your clients so 
>>> that it reads:
>>>
>>>   DatabaseMirror machine1.mylan
>>>
>>>   ScriptedUpdates off
>>>
>>> --
>>> Nigel Houghton
>>> Head Mentalist, Time Lord
>>> SF VRT Department of Intelligence Excellence
>>> http://vrt-blog.snort.org/ && http://labs.snort.org/
>>>
>>>
>>>


Re: [clamav-users] update clamav

2012-07-09 Thread Joel Esler
What issue?

-- 
Joel Esler

On Jul 9, 2012, at 5:08 AM, Bruno Barosa  
wrote:

> Hello again,
> 
> Good morning and a good week for all
> 
> anyone has got news on this issue?
> 
> Regards
> Bruno
> 
> On 27-06-2012 19:29, Nigel Houghton wrote:
>> On Jun 27, 2012, at 8:12 AM, Matthew Olney wrote:
>> 
>>> Apparently, the answer to this is on the wiki, but it is having issues.
>>> 
 Begin forwarded message:
 
> From: Ilyas Doskhozhayev
> Date: June 27, 2012, 5:45:28 AM EDT
> To: jes...@sourcefire.com
> Subject: update clamav
> 
> Hi thank all you team for this antivirus tool/
> 
> My question is on debian i have servers that can not update virus 
> database  directly from internet, so they update from local repository on 
> network
> So can i make clamav update from my local repository on server that has 
> internet ?
> 
> 
> I use this source list to update from repository on server
> 
> deb http://10.0.1.11/localrepository /
> 
> Thank in advanse
>> Here's the relevant information from the wiki:
>> 
>> Solution 1: Use an HTTP proxy
>> 
>> This solution is really easy to implement and is bandwidth efficient.
>> 
>> Install a proxy server (i.e. squid) and then tell your freshclam clients to 
>> use it. This can be done by setting the HTTPProxyServer parameter in 
>> freshclam.conf (see man 5 freshclam.conf for the details).
>> 
>> Solution 2: Serve .cvd files from a local web server
>> 
>> This solution is really simple to implement but it's only effective if your 
>> clients are all on the same local network and bandwidth is not an issue for 
>> you.
>> 
>> Configure a local webserver on one of your machines (say machine1.mylan) and 
>> let freshclam download the *.cvd files from http://database.clamav.net to 
>> the webserver's DocumentRoot.
>> 
>> Add this line to freshclam.conf on machine1.mylan:
>> 
>>   ScriptedUpdates off
>> 
>> First the database will be downloaded to the local webserver and then the 
>> other clients on the network will update their copy of the database from it. 
>> For this to work you have to change freshclam.conf on your clients so that 
>> it reads:
>> 
>>   DatabaseMirror machine1.mylan
>> 
>>   ScriptedUpdates off
>> 
>> --
>> Nigel Houghton
>> Head Mentalist, Time Lord
>> SF VRT Department of Intelligence Excellence
>> http://vrt-blog.snort.org/ && http://labs.snort.org/
>> 
>> 
>> 


Re: [clamav-users] update clamav

2012-07-09 Thread Bruno Barosa

Hello again,

Good morning and a good week for all

anyone has got news on this issue?

Regards
Bruno

On 27-06-2012 19:29, Nigel Houghton wrote:

On Jun 27, 2012, at 8:12 AM, Matthew Olney wrote:


Apparently, the answer to this is on the wiki, but it is having issues.


Begin forwarded message:


From: Ilyas Doskhozhayev
Date: June 27, 2012, 5:45:28 AM EDT
To: jes...@sourcefire.com
Subject: update clamav

Hi thank all you team for this antivirus tool/

My question is on debian i have servers that can not update virus database  
directly from internet, so they update from local repository on network
So can i make clamav update from my local repository on server that has 
internet ?


I use this source list to update from repository on server

deb http://10.0.1.11/localrepository /

Thank in advanse

Here's the relevant information from the wiki:

Solution 1: Use an HTTP proxy

This solution is really easy to implement and is bandwidth efficient.

Install a proxy server (i.e. squid) and then tell your freshclam clients to use 
it. This can be done by setting the HTTPProxyServer parameter in freshclam.conf 
(see man 5 freshclam.conf for the details).

Solution 2: Serve .cvd files from a local web server

This solution is really simple to implement but it's only effective if your 
clients are all on the same local network and bandwidth is not an issue for you.

Configure a local webserver on one of your machines (say machine1.mylan) and 
let freshclam download the *.cvd files from http://database.clamav.net to the 
webserver's DocumentRoot.

Add this line to freshclam.conf on machine1.mylan:

   ScriptedUpdates off

First the database will be downloaded to the local webserver and then the other 
clients on the network will update their copy of the database from it. For this 
to work you have to change freshclam.conf on your clients so that it reads:

   DatabaseMirror machine1.mylan

   ScriptedUpdates off

--
Nigel Houghton
Head Mentalist, Time Lord
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/





Re: [clamav-users] update clamav

2012-06-27 Thread Nigel Houghton

On Jun 27, 2012, at 8:12 AM, Matthew Olney wrote:

> Apparently, the answer to this is on the wiki, but it is having issues.
> 
>> Begin forwarded message:
>> 
>>> From: Ilyas Doskhozhayev 
>>> Date: June 27, 2012, 5:45:28 AM EDT
>>> To: jes...@sourcefire.com
>>> Subject: update clamav
>>> 
>>> Hi thank all you team for this antivirus tool/
>>> 
>>> My question is on debian i have servers that can not update virus database  
>>> directly from internet, so they update from local repository on network
>>> So can i make clamav update from my local repository on server that has 
>>> internet ?
>>> 
>>> 
>>> I use this source list to update from repository on server 
>>> 
>>> deb http://10.0.1.11/localrepository /
>>> 
>>> Thank in advanse

Here's the relevant information from the wiki:

Solution 1: Use an HTTP proxy

This solution is really easy to implement and is bandwidth efficient.

Install a proxy server (i.e. squid) and then tell your freshclam clients to use 
it. This can be done by setting the HTTPProxyServer parameter in freshclam.conf 
(see man 5 freshclam.conf for the details).

Solution 2: Serve .cvd files from a local web server

This solution is really simple to implement but it's only effective if your 
clients are all on the same local network and bandwidth is not an issue for you.

Configure a local webserver on one of your machines (say machine1.mylan) and 
let freshclam download the *.cvd files from http://database.clamav.net to the 
webserver’s DocumentRoot.

Add this line to freshclam.conf on machine1.mylan:

  ScriptedUpdates off

First the database will be downloaded to the local webserver and then the other 
clients on the network will update their copy of the database from it. For this 
to work you have to change freshclam.conf on your clients so that it reads:

  DatabaseMirror machine1.mylan

  ScriptedUpdates off

--
Nigel Houghton
Head Mentalist, Time Lord
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/




Re: [Clamav-users] Update problem on daily.cld

2010-04-29 Thread Török Edwin
On 04/30/2010 04:34 AM, Dennis Peterson wrote:
> On 4/29/10 7:06 AM, Adam Stephens wrote:
> 
>>
>> That error doesn't come from the mirrors; it comes from freshclam - the
>> message is in manager.c, and it's triggered by this check in mirman.c:
>>
>> if(mdat->dbflevel && (mdat->dbflevel > flevel) && (mdat->dbflevel - flevel > 3))
>>     if(time(NULL) - mdat->mirtab[i].atime < (mdat->dbflevel - flevel) * 3600)
>>         return 2;
>>
>> ClamAV's website says:
>>
>> "Starting from ClamAV 0.9x, whenever your ClamAV engine becomes outdated
>> and the difference between the functionality level required by the CVD
>> and the functionality level supported by your ClamAV engine is more than
>> 3, freshclam refuses to check for updates more often than 6 times per
>> day"
>>
> 
> Freshclam is not necessary to use ClamAV. It is a convenience but only a
> minor one. Perhaps you should decouple your system from the freshclam
> method and use http. Here are the links:
> 
> http://db.local.clamav.net/main.cvd
> http://db.local.clamav.net/daily.cvd

With 0.96 you'll also want this one:
http://db.local.clamav.net/bytecode.cvd

> 
> Here's a way to test signature versions:
> dig TXT current.cvd.clamav.net
> 
> ;; ANSWER SECTION:
> current.cvd.clamav.net. 900 IN  TXT
> "0.96:52:10878:1272589985:1:51:19931:12"
> 
> The first three ":" separated numbers are the current clamav version,
> the current version of the daily.cvd file, and the current version of
> the main.cvd file. The fourth field is a Unix time number (Unix epoch
> time).

And the 8th is the bytecode.cvd version

Best regards,
--Edwin


Re: [Clamav-users] Update problem on daily.cld

2010-04-29 Thread Dennis Peterson

On 4/29/10 7:06 AM, Adam Stephens wrote:



That error doesn't come from the mirrors; it comes from freshclam - the
message is in manager.c, and it's triggered by this check in mirman.c:

if(mdat->dbflevel && (mdat->dbflevel > flevel) && (mdat->dbflevel - flevel > 3))
    if(time(NULL) - mdat->mirtab[i].atime < (mdat->dbflevel - flevel) * 3600)
        return 2;

ClamAV's website says:

"Starting from ClamAV 0.9x, whenever your ClamAV engine becomes outdated
and the difference between the functionality level required by the CVD
and the functionality level supported by your ClamAV engine is more than
3, freshclam refuses to check for updates more often than 6 times per day"



Freshclam is not necessary to use ClamAV. It is a convenience but only a minor 
one. Perhaps you should decouple your system from the freshclam method and use 
http. Here are the links:


http://db.local.clamav.net/main.cvd
http://db.local.clamav.net/daily.cvd

Here's a way to test signature versions:
dig TXT current.cvd.clamav.net

;; ANSWER SECTION:
current.cvd.clamav.net. 900 IN  TXT 
"0.96:52:10878:1272589985:1:51:19931:12"


The first three ":" separated numbers are the current clamav version, the 
current version of the daily.cvd file, and the current version of the main.cvd 
file. The fourth field is a Unix time number (Unix epoch time).


Now write a very simple script that gets the current version with dig, use curl 
to download the new signatures, use  clamscan to test the new signatures, and 
drop them into the working directory.


This is maybe 20 lines of shell script. Take the challenge.

dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
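
One way to write the script described in the message above, as an added example that is not code from the thread or from the ClamAV project. The function names and the DBDIR default are assumptions; local versions are read from the 512-byte CVD header rather than with sigtool, and the TXT record is read with main.cvd in field 2 and daily.cvd in field 3, the order that matches the sigtool output quoted elsewhere in this thread (main 52, daily 10861), with bytecode.cvd in field 8.

```shell
#!/bin/sh
# Added example: dig -> compare versions -> curl -> clamscan -> install.

MIRROR="${MIRROR:-http://db.local.clamav.net}"  # download base quoted in the thread
DBDIR="${DBDIR:-/var/lib/clamav}"               # assumption: local database directory

# Print field N (1-based) of the colon-separated TXT record.
# The value arrives over DNS, so anything but digits, dots and colons is rejected.
txt_field() (
    rec=$(printf '%s' "$1" | tr -d '" ')
    case "$rec" in ''|*[!0-9.:]*) return 1 ;; esac
    val=$(printf '%s\n' "$rec" | cut -s -d: -f"$2")
    [ -n "$val" ] && printf '%s\n' "$val"
)

# Published version of main, daily or bytecode (fields 2, 3 and 8).
remote_version() (
    case "$2" in
        main) n=2 ;;
        daily) n=3 ;;
        bytecode) n=8 ;;
        *) return 1 ;;
    esac
    v=$(txt_field "$1" "$n") || return 1
    case "$v" in *[!0-9]*) return 1 ;; esac
    printf '%s\n' "$v"
)

# Version of the local copy, read from the 512-byte text header that starts
# every .cvd/.cld file ("ClamAV-VDB:build time:version:sigs:f-level:...").
# Prints 0 when no usable copy exists.
local_version() (
    best=0
    for f in "$1/$2.cld" "$1/$2.cvd"; do
        [ -f "$f" ] || continue
        hdr=$(dd if="$f" bs=512 count=1 2>/dev/null | tr -d '\0' | head -n 1)
        case "$hdr" in ClamAV-VDB:*) ;; *) continue ;; esac
        v=$(printf '%s\n' "$hdr" | cut -d: -f3)
        case "$v" in ''|*[!0-9]*) continue ;; esac
        if [ "$v" -gt "$best" ]; then best=$v; fi
    done
    printf '%s\n' "$best"
)

# Names of the databases whose published version is newer than the local one.
stale_dbs() (
    out=
    for db in main daily bytecode; do
        want=$(remote_version "$1" "$db") || return 1
        have=$(local_version "$2" "$db")
        if [ "$want" -gt "$have" ]; then out="$out $db"; fi
    done
    echo $out
)

# Download one database, check that clamscan can load it, then install it.
fetch_and_install() (
    db=$1 dir=$2 rc=1
    tmp=$(mktemp -d) || return 1
    : > "$tmp/empty"                      # harmless file to scan
    # clamscan exits non-zero when the database given with -d does not load
    # (truncated download, bad signature), so a broken file is never installed.
    if curl -fsS --max-time 600 -o "$tmp/$db.cvd" "$MIRROR/$db.cvd" &&
       clamscan --quiet -d "$tmp/$db.cvd" "$tmp/empty"; then
        # Copy next to the target first, then rename: the rename is atomic.
        mv "$tmp/$db.cvd" "$dir/$db.cvd.new" &&
        mv "$dir/$db.cvd.new" "$dir/$db.cvd" &&
        rm -f "$dir/$db.cld" && rc=0      # the full .cvd supersedes an older .cld
    fi
    rm -rf "$tmp"
    return "$rc"
)

update_all() {
    rec=$(dig +short TXT current.cvd.clamav.net) || return 1
    todo=$(stale_dbs "$rec" "$DBDIR") || { echo "unexpected TXT record: $rec" >&2; return 1; }
    for db in $todo; do
        fetch_and_install "$db" "$DBDIR" || echo "update of $db failed" >&2
    done
}

# Network steps run only on request:  sh update-sigs.sh --update
if [ "${1:-}" = "--update" ]; then update_all; fi
```
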


Re: [Clamav-users] Update problem on daily.cld

2010-04-29 Thread aCaB
Adam Stephens wrote:
>> This thread is dead for me.
>>   
> I'm delighted to hear it. Your contribution to date has been
> ill-informed, rude, and completely unhelpful.

I apologize for being dense and overreacting. The echoes of the recent
flames are still in my mind...

Back to topic 0.96+dfsg-4~volatile1 was accepted a couple of days ago
and it's digging its way to the mirrors. It shouldn't take long till all
archs are built and the debs are available.

--acab


Re: [Clamav-users] Update problem on daily.cld

2010-04-29 Thread Adam Stephens

aCaB wrote:

Adam Stephens wrote:
  

I'm seeing a similar problem, and I believe it's another issue caused by
ClamAV's aggressive policy of disabling older software versions. If I
run freshclam with debug options I see errors like this:



As stated multiple times "ClamAV's aggressive policy of disabling older
software versions" has got nothing to do with what mirrors do. In fact,
as stated multiple times, the clamav project has got no control over the
mirrors nor their admins which are left completely free to make use of
THEIR bandwidth as THEY prefer. Banning old version is THEIR option as is
THEIR choice to serve older clients.
  


That error doesn't come from the mirrors; it comes from freshclam - the 
message is in manager.c, and it's triggered by this check in mirman.c:


   if(mdat->dbflevel && (mdat->dbflevel > flevel) && (mdat->dbflevel - flevel > 3))
       if(time(NULL) - mdat->mirtab[i].atime < (mdat->dbflevel - flevel) * 3600)
           return 2;

ClamAV's website says:

"Starting from ClamAV 0.9x, whenever your ClamAV engine becomes outdated 
and the difference between the functionality level required by the CVD 
and the functionality level supported by your ClamAV engine is more than 
3, freshclam refuses to check for updates more often than 6 times per day"


The recommended functionality level is 51, and the functionality level 
of 0.95.3 is 44 - so I think that code restricts 0.95.3 users to 
checking a mirror once every 7 hours.


  

If you're running an OS that hasn't packaged 0.96 yet, I think you now
need to build ClamAV from source if you want timely signature updates.
The odd thing is the ClamAV website still recommends using the Debian
Volatile packages.



Right. Because, as everybody knows, the clamav guys maintain Debian and
have control over volatile...
...and world hunger must be the clamav folks fault as well.


  


That's not what I said, is it? I said if your OS hasn't packaged 0.96 
yet, you need to compile from source to get timely updates. And I 
mentioned that the ClamAV site tells people to install the package from 
Debian volatile (although that page also mentions sarge & etch, so it 
clearly hasn't been updated in a while).



Anyway, that being said (for the millionth time), feel free to keep
complaining about free services and people behind them as much as you
like. 


I appreciate that some people are a bit twitchy after the furore 
disabling 0.94 caused, but I've not complained about ClamAV or the 
developers. All I've done is told a user requesting help what I believe 
their problem is and how to fix it.



This thread is dead for me.
  
I'm delighted to hear it. Your contribution to date has been 
ill-informed, rude, and completely unhelpful.


regards,
Adam Stephens.

--

Adam Stephens
Network Specialist - Email & DNS
adam.steph...@bristol.ac.uk



Re: [Clamav-users] Update problem on daily.cld

2010-04-29 Thread aCaB
Adam Stephens wrote:
> I'm seeing a similar problem, and I believe it's another issue caused by
> ClamAV's aggressive policy of disabling older software versions. If I
> run freshclam with debug options I see errors like this:

As stated multiple times "ClamAV's aggressive policy of disabling older
software versions" has got nothing to do with what mirrors do. In fact,
as stated multiple times, the clamav project has got no control over the
mirrors nor their admins which are left completely free to make use of
THEIR bandwidth as THEY prefer. Banning old version is THEIR option as is
THEIR choice to serve older clients.

> If you're running an OS that hasn't packaged 0.96 yet, I think you now
> need to build ClamAV from source if you want timely signature updates.
> The odd thing is the ClamAV website still recommends using the Debian
> Volatile packages.

Right. Because, as everybody knows, the clamav guys maintain Debian and
have control over volatile...
...and world hunger must be the clamav folks fault as well.


Anyway, that being said (for the millionth time), feel free to keep
complaining about free services and people behind them as much as you
like. This thread is dead for me.

--aCaB


Re: [Clamav-users] Update problem on daily.cld

2010-04-29 Thread Adam Stephens

Test Andrea wrote:

Dear List,

This is my configuration:

CentOS 4.8

# clamdscan -V
ClamAV 0.95.3/10861/Thu Apr 29 04:16:19 2010

# sigtool --info=/home/amavisd/clamav/main.cld
File: /home/amavisd/clamav/main.cld
Build time: 15 Feb 2010 09:54 -0500
Version: 52
Signatures: 704727
Functionality level: 44
Builder: sven

# sigtool --info=/home/amavisd/clamav/daily.cld
File: /home/amavisd/clamav/daily.cld
Build time: 28 Apr 2010 22:16 -0400
Version: 10861
Signatures: 54573
Functionality level: 51
Builder: guitar

From few days ago i had these errors into the freshclam.log:

http://nopaste.info/6ce68caae7.html

Freshclamd running with the -d (Daemon) option at the boot of the Server.

I have this problem only for the incremental update of daily.cld. 
Yesterday i tried to stop freshclam, remove daily.cld and after the 
restart the 1st update of the daily.cld worked without errors.


I have the same problem on another server with Clamav 0.95.2 on Centos 
5.4.


I'm seeing a similar problem, and I believe it's another issue caused by 
ClamAV's aggressive policy of disabling older software versions. If I 
run freshclam with debug options I see errors like this:


Ignoring mirror 217.135.32.99 (has connected too many times with an outdated version)
Ignoring mirror 81.91.100.173 (has connected too many times with an outdated version)
Ignoring mirror 163.1.3.8 (has connected too many times with an outdated version)


...and so on for the other mirrors I'm using.

I have two scanning boxes running ClamAV built from source, which I've 
updated to 0.96, and two boxes running Debian Lenny, with ClamAV 
installed from the packages in the volatile repository. The Debian boxes 
are running Debian's most recent package, 0.95.3; I only see this 
problem on those boxes.


The 'outdated version' error appears to be the handling they added to 
stop older versions (which couldn't do incremental updates) from 
hammering the mirrors. I guess they're now applying it to all versions 
except for the most recent, even if they do incremental updates.


If you're running an OS that hasn't packaged 0.96 yet, I think you now 
need to build ClamAV from source if you want timely signature updates. 
The odd thing is the ClamAV website still recommends using the Debian 
Volatile packages.


regards,
Adam

--

Adam Stephens
Network Specialist - Email & DNS
adam.steph...@bristol.ac.uk



Re: [Clamav-users] Update problem on daily.cld

2010-04-29 Thread aCaB
Test Andrea wrote:
> http://nopaste.info/6ce68caae7.html

Ciao Andrea,

I assume from your address that you are based in Italy. The problem is
very likely related to db.it.clamav.net failing to properly sync the
database files.

These kinds of issues are generally only temporary and are fixed within a
few days.

In the meantime you can either ignore the error or temporarily add
another DatabaseMirror directive in freshclam.conf (specify another
European mirror like db.de.clamav.net).
If you choose to add a mirror make sure that you also remove mirrors.dat
as by now freshclam has probably blacklisted all the servers.

HtH,
-acab


[Clamav-users] Update problem on daily.cld

2010-04-29 Thread Test Andrea

Dear List,

This is my configuration:

CentOS 4.8

# clamdscan -V
ClamAV 0.95.3/10861/Thu Apr 29 04:16:19 2010

# sigtool --info=/home/amavisd/clamav/main.cld
File: /home/amavisd/clamav/main.cld
Build time: 15 Feb 2010 09:54 -0500
Version: 52
Signatures: 704727
Functionality level: 44
Builder: sven

# sigtool --info=/home/amavisd/clamav/daily.cld
File: /home/amavisd/clamav/daily.cld
Build time: 28 Apr 2010 22:16 -0400
Version: 10861
Signatures: 54573
Functionality level: 51
Builder: guitar

For a few days now I have had these errors in the freshclam.log:

http://nopaste.info/6ce68caae7.html

Freshclam runs with the -d (daemon) option, started at boot of the server.

I have this problem only for the incremental update of daily.cld.
Yesterday I tried stopping freshclam and removing daily.cld; after the
restart, the first update of daily.cld worked without errors.


I have the same problem on another server with ClamAV 0.95.2 on CentOS 5.4.

Any Ideas?

Best Regards

Andrea


Re: [Clamav-users] Update Virus Definitions Using SSL

2010-02-15 Thread Török Edwin
On 02/15/2010 03:45 PM, Matus UHLAR - fantomas wrote:
>> On 02/15/2010 02:54 PM, sokratis.kapetan...@accenture.com wrote:
>> 
>>> I was wondering if there is a way to connect to the Update Servers (not
>>> mirrors) using SSL/HTTPS instead of standard HTTP.
>>>   
>
> On 15.02.10 15:34, Török Edwin wrote:
>   
>> The databases, and updates are digitally signed, so you don't need
>> SSL/HTTPS.
>> Freshclam and libclamav check the digital signatures when loading the
>> databases.
>> 
>
> hmmm, signed by whom? And where are public keys stored? 


CVDs are signed prior to publishing, and pushing to the mirrors.
The public key is hardcoded in libclamav.

You can verify the signature using sigtool manually:
$ sigtool/sigtool --info daily.cvd
File: daily.cvd
Build time: 14 Feb 2010 20:31 -0500
Version: 10392
Signatures: 168531
Functionality level: 44
Builder: acab
MD5: d6ab08bc2271847d06ebcfe95a2b6bfc
Digital signature:
lamlVM3R8gXfEFFGQTQ0ptug07l6p1zkr40HyRgi9/g1rvIiBTP7I1N/XDwsMzEb9QwKv0HkMQyRneCYc7VE5PU8Eysg1kp3LM/AnqpyfTGcZ2NKfFaUPOuaRkfjSF8z7iExR1bY3miLzKlVmT/ZM/7Dr4ofa3NOpM6cXqr1Gyj
Verification OK.

If the database is tampered with you will get something like this (for
example if one byte is wrong):
File: daily.cvd
Build time: 14 Feb 2010 20:31 -0500
Version: 10392
Signatures: 168531
Functionality level: 44
Builder: acab
MD5: d6ab08bc2271847d06ebcfe95a2b6bfc
Digital signature:
lamlVM3R8gXfEFFGQTQ0ptug07l6p1zkr40HyRgi9/g1rvIiBTP7I1N/XDwsMzEb9QwKv0HkMQyRneCYc7VE5PU8Eysg1kp3LM/AnqpyfTGcZ2NKfFaUPOuaRkfjSF8z7iExR1bY3miLzKlVmT/ZM/7Dr4ofa3NOpM6cXqr1Gyj
ERROR: cvdinfo: Verification: Can't verify database integrity

cdiff files (incremental updates) have a digital signature that is
checked by freshclam too.
Also 0.96 will check the SHA-256 hash of each file in the .cvd/.cld, and
these hashes are signed similarly to .cdiffs.

So downloading via HTTPS/SSL won't give you additional security.
In fact if freshclam wasn't able to check the digital signature, then
even if you downloaded over HTTPS you wouldn't know
if the databases have been tampered with or not.
You only know that you get what is on the mirror, and not that the
mirror has the same database that was published.

> How are 3rd party
> databases checked?
>   

They are not checked by freshclam (yet). Some 3rdparty update scripts
check them using gpg signatures I think.

Best regards,
--Edwin
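
As an added illustration of the check described in the post above (not part of the original message and not ClamAV's code), this sketch parses a CVD header and recomputes the MD5 that sigtool prints. The header layout (512 bytes of colon-separated ASCII starting with ClamAV-VDB) comes from libclamav rather than from this thread; the sample file, the placeholder signature and the function names are constructed for the example.

```python
import hashlib

HEADER_LEN = 512  # every .cvd starts with a fixed-size ASCII header
FIELDS = ("magic", "build_time", "version", "signatures",
          "functionality_level", "md5", "dsig", "builder")

def parse_cvd_header(blob: bytes) -> dict:
    """Return the header fields that `sigtool --info` prints."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than the 512-byte CVD header")
    parts = blob[:HEADER_LEN].decode("ascii").rstrip().split(":")
    if len(parts) < len(FIELDS) or parts[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    hdr = dict(zip(FIELDS, parts))
    for key in ("version", "signatures", "functionality_level"):
        hdr[key] = int(hdr[key])
    return hdr

def body_matches_header(blob: bytes) -> bool:
    """Recompute the MD5 of everything after the header and compare it with
    the header's MD5 field. libclamav additionally checks `dsig` over that
    digest with its built-in public key; that RSA step is not reproduced."""
    hdr = parse_cvd_header(blob)
    return hashlib.md5(blob[HEADER_LEN:]).hexdigest() == hdr["md5"].lower()

def make_sample(body: bytes) -> bytes:
    """Constructed sample. Version, counts and builder mirror the sigtool
    output quoted in the post; the body, its MD5 and the dsig are made up."""
    md5 = hashlib.md5(body).hexdigest()
    # ':' separates fields, so the build time is written with '-' (20-31).
    header = ("ClamAV-VDB:14 Feb 2010 20-31 -0500:10392:168531:44:"
              f"{md5}:PLACEHOLDER-DSIG:acab:0")
    return header.encode("ascii").ljust(HEADER_LEN, b" ") + body

if __name__ == "__main__":
    good = make_sample(b"constructed stand-in for the signature archive")
    bad = bytearray(good)
    bad[HEADER_LEN + 3] ^= 0x01  # one wrong byte in the body
    print(parse_cvd_header(good))
    print("intact copy      :", body_matches_header(good))
    print("one byte flipped :", body_matches_header(bytes(bad)))
```

A matching MD5 only shows that header and body are consistent with each other; the trust decision still rests on the signature check that sigtool and freshclam perform.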


Re: [Clamav-users] Update Virus Definitions Using SSL

2010-02-15 Thread Matus UHLAR - fantomas
> On 02/15/2010 02:54 PM, sokratis.kapetan...@accenture.com wrote:
> > I was wondering if there is a way to connect to the Update Servers (not
> > mirrors) using SSL/HTTPS instead of standard HTTP.

On 15.02.10 15:34, Török Edwin wrote:
> The databases, and updates are digitally signed, so you don't need
> SSL/HTTPS.
> Freshclam and libclamav check the digital signatures when loading the
> databases.

hmmm, signed by whom? And where are public keys stored? How are 3rd party
databases checked?
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors


Re: [Clamav-users] Update Virus Definitions Using SSL

2010-02-15 Thread Török Edwin
On 02/15/2010 02:54 PM, sokratis.kapetan...@accenture.com wrote:
> Hi,
>
> I was wondering if there is a way to connect to the Update Servers (not 
> mirrors) using SSL/HTTPS instead of standard HTTP.

That would be a waste of resources on the mirrors.

>  I couldn't find any information regarding that so far. Has anyone tried that 
> before or knows how it can be configured?
>   

The databases, and updates are digitally signed, so you don't need
SSL/HTTPS.
Freshclam and libclamav check the digital signatures when loading the
databases.

Best regards,
--Edwin


Re: [Clamav-users] Update Virus Definitions Using SSL

2010-02-15 Thread Jon Bendtsen
On 15/02/2010, at 13.54,  
 wrote:

> Hi,
> 
> I was wondering if there is a way to connect to the Update Servers (not 
> mirrors) using SSL/HTTPS instead of standard HTTP. I couldn't find any 
> information regarding that so far. Has anyone tried that before or knows how 
> it can be configured?

Why do you want to do that?


[Clamav-users] Update Virus Definitions Using SSL

2010-02-15 Thread sokratis.kapetaneas
Hi,

I was wondering if there is a way to connect to the Update Servers (not 
mirrors) using SSL/HTTPS instead of standard HTTP. I couldn't find any 
information regarding that so far. Has anyone tried that before or knows how it 
can be configured?

By the way, I'm running the software on Solaris.

Thanks,

Sokratis





Re: [Clamav-users] Update to the signatures.pdf

2009-03-26 Thread Sarocet
Nathan Brink wrote:
> There is an option for echo that removes the linefeed:
> ohnobi...@ohnopublishing ~/html/anindex $ echo -n "How do I look in hex?" |sigtool --hex-dump
> 486f7720646f2049206c6f6f6b20696e206865783f
>
> There is no reason to, but I prefer echo to printf. Maybe because printf 
> processes escapes such as ``%s'' and ``%%'':
> ohnobi...@ohnopublishing ~/html/anindex $ printf %%\\n
> %
>
> Maybe you should include a warning note about how printf will eat 
> certain characters ;-).
>   
echo -n is not standard. printf is.
If you don't want it to eat characters use

$ printf %s "Foo%%Bar"
Foo%%Bar

Beware of spaces splitting the text to the second argument, though.




Re: [Clamav-users] Update to the signatures.pdf

2009-03-25 Thread Dennis Peterson
Nathan Brink wrote:
> Dennis Peterson wrote:
>> Joel Richard wrote:
>>
>>> This just bit in the behind real good. I'd like to propose a small
>>> change to the signatures.pdf document.
>>>
>>> http://www.clamav.net/doc/latest/signatures.pdf
>>>
>>> There's an example that reads
>>>
>>> z...@localhost:/tmp/test$  sigtool --hex-dump
>>> How do I look in hex?
>>> 486f7720646f2049206c6f6f6b20696e206865783f0a
>>>
>>> This is a perfect example, but it needs to be noted in the document
>>> that if you are using this to create a snippet of hex-ed HTML as your
>>> signature that you need to strip the "0a" from the end of the encoded
>>> text.
>>>
>>>  
>> This also fails to represent the string because echo includes a line feed:
>>
>> echo "How do I look in hex?" |sigtool --hex-dump
>>
>> but this works:
>>
>> printf "How do I look in hex?" |sigtool --hex-dump
>>
>> There is no automatic linefeed with the printf command.
>>
> There is an option for echo that removes the linefeed:
> ohnobi...@ohnopublishing ~/html/anindex $ echo -n "How do I look in hex?" |sigtool --hex-dump
> 486f7720646f2049206c6f6f6b20696e206865783f
> 
> There is no reason to, but I prefer echo to printf. Maybe because printf 
> processes escapes such as ``%s'' and ``%%'':
> ohnobi...@ohnopublishing ~/html/anindex $ printf %%\\n
> %
> 
> Maybe you should include a warning note about how printf will eat 
> certain characters ;-).
> 

Let me know how that echo -n command works out for you in Solaris.

dp




Re: [Clamav-users] Update to the signatures.pdf

2009-03-25 Thread Nathan Brink
Dennis Peterson wrote:
> Joel Richard wrote:
>
>> This just bit in the behind real good. I'd like to propose a small
>> change to the signatures.pdf document.
>>
>>  http://www.clamav.net/doc/latest/signatures.pdf
>>
>> There's an example that reads
>>
>>  z...@localhost:/tmp/test$  sigtool --hex-dump
>>  How do I look in hex?
>>  486f7720646f2049206c6f6f6b20696e206865783f0a
>>
>> This is a perfect example, but it needs to be noted in the document
>> that if you are using this to create a snippet of hex-ed HTML as your
>> signature that you need to strip the "0a" from the end of the encoded
>> text.
>>
>>  
>
> This also fails to represent the string because echo includes a line feed:
>
> echo "How do I look in hex?" |sigtool --hex-dump
>
> but this works:
>
> printf "How do I look in hex?" |sigtool --hex-dump
>
> There is no automatic linefeed with the printf command.
>
There is an option for echo that removes the linefeed:
ohnobi...@ohnopublishing ~/html/anindex $ echo -n "How do I look in hex?" |sigtool --hex-dump
486f7720646f2049206c6f6f6b20696e206865783f

There is no reason to, but I prefer echo to printf. Maybe because printf 
processes escapes such as ``%s'' and ``%%'':
ohnobi...@ohnopublishing ~/html/anindex $ printf %%\\n
%

Maybe you should include a warning note about how printf will eat 
certain characters ;-).

-- 
binki



Re: [Clamav-users] Update to the signatures.pdf

2009-03-25 Thread Dennis Peterson
Joel Richard wrote:
> This just bit in the behind real good. I'd like to propose a small  
> change to the signatures.pdf document.
> 
>   http://www.clamav.net/doc/latest/signatures.pdf
> 
> There's an example that reads
> 
>   z...@localhost:/tmp/test$  sigtool --hex-dump
>   How do I look in hex?
>   486f7720646f2049206c6f6f6b20696e206865783f0a
> 
> This is a perfect example, but it needs to be noted in the document  
> that if you are using this to create a snippet of hex-ed HTML as your  
> signature that you need to strip the "0a" from the end of the encoded  
> text.
> 


This also fails to represent the string because echo includes a line feed:

echo "How do I look in hex?" |sigtool --hex-dump

but this works:

printf "How do I look in hex?" |sigtool --hex-dump

There is no automatic linefeed with the printf command.

dp
